Iptables and Port Forwarding problems.

Status
Not open for further replies.

Albion

IS-IT--Management
Aug 8, 2000
517
US
I apologize for the double post, it would be nice if there were an edit and/or delete feature.

We recently brought down our old Linux Internet servers to replace it with new hardware (487 day uptime, nice). Anyway, the old server was an old RedHAT 6.0 install with kernel 2.0.21. We've replaced that with a brand new server running Linux Fedora Core 3 kernel 2.6.9.

My problem is that I cannot figure out how to work with IP tables and port forwarding. I have been all over the net and it's really confusing. Why can't it just be simple like ipchains, one command and that's that. Anyway, if anyone could help, all I really want to do is forward an incoming port on my server to a port on one of my client machines.

Thanks.

-Al

 
There are good reasons standing behind not having an edit/post.

Today's ipchains are called 'iptables', introduced with Linux 2.4. For complete docs or a howto, see netfilter.org (where also ipchains came from).

all I really want to do is forward an incoming port on my server to a port on one of my client machines.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 222 -j DNAT --to 192.168.2.2:22 # eth0 is inet interface

Some other iptables examples, where all the flags appear is irrelevant:

iptables -A INPUT -m state --state NEW,INVALID -j DROP # drop new sessions
iptables -I INPUT -p icmp --icmp-type 8 -j LOG # log all ping requests
iptables -I INPUT -p icmp --icmp-type 8 -m state --state NEW -d ! 192.168.0.0/16 -j DROP # drop new pings
iptables -A INPUT -p tcp --dport 23 -j REJECT --reject-with tcp-reset # reject with a RST packet instead of port-unreachable
iptables -A OUTPUT -o eth1 -d 192.168.0.0/16 -j DROP

For a good all-in-one firewall script, see HardWall Firewall

. Mac for productivity
.. Linux for development
... Windows for solitaire
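
The DNAT rule from the reply above, placed in the context it needs in order to work, as an added example that is not part of the original posts: IP forwarding enabled, plus FORWARD rules limited to the one forwarded host and port, which matter whenever the FORWARD policy is not ACCEPT. The helper names and the `APPLY` dry-run switch are assumptions of this example; the interface, ports and address are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: commands are only
# printed. Run as root with APPLY=1 to execute them.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Split on dots; require exactly four decimal octets in 0-255.
    old_ifs=$IFS; IFS=.; set -f; set -- $1; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# forward_port WAN_IF EXT_PORT INT_IP INT_PORT  (hypothetical helper)
forward_port() {
    wan_if=$1 ext_port=$2 int_ip=$3 int_port=$4
    if ! valid_port "$ext_port" || ! valid_port "$int_port" || ! valid_ipv4 "$int_ip"; then
        echo "forward_port: invalid port or address" >&2
        return 2
    fi
    # 1. The kernel must be allowed to route packets between interfaces.
    run sysctl -w net.ipv4.ip_forward=1
    # 2. Rewrite the destination before routing (the rule from the reply;
    #    --to there is an abbreviation of --to-destination).
    run iptables -t nat -A PREROUTING -i "$wan_if" -p tcp --dport "$ext_port" \
        -j DNAT --to-destination "$int_ip:$int_port"
    # 3. After DNAT the packet crosses FORWARD carrying the new address/port.
    run iptables -A FORWARD -i "$wan_if" -p tcp -d "$int_ip" --dport "$int_port" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # 4. Allow the replies from the internal host back out.
    run iptables -A FORWARD -o "$wan_if" -p tcp -s "$int_ip" --sport "$int_port" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Values from the thread: eth0 faces the Internet, port 222 maps to 192.168.2.2:22.
forward_port eth0 222 192.168.2.2 22
```

The internal host has to route its replies back through this server, otherwise the translation is never reversed and the connection stalls.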
 