Marco Hainaut wrote:
> hello,
>
> I'm a newbie with iptables and firewalling and my question is:
>
> How can I authorise access to a workstation in a local network
> with pcanywhere from the outside through my "routing-firewalling"
> red hat 8 box newly installed from scratch?
>
> eth0 = external if ( 212.145.X.X )
> eth1 = local if (192.168.0.2)
> used ports : 5631 (tcp) & 5632 (udp)
>
>
> Is there somebody who can help me write the correct script to make it
> work?
>
> regards,
>
> Marco Hainaut
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
Marco,
suppose the IP address of your PC/Anywhere workstation is $PCANY.
Then you need at least the following rules:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5631 -j DNAT --to-destination $PCANY
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5632 -j DNAT --to-destination $PCANY
iptables -t filter -A FORWARD -i eth0 -o eth1 -p tcp -m state --dport 5631 --syn --state NEW -j ACCEPT
iptables -t filter -A FORWARD -i eth0 -o eth1 -p udp --dport 5632 -j ACCEPT
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# If you need to NAT all outgoing traffic...
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
Regards,
Stephane.
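
Added example, not part of Stephane's reply: a dry-run generator that prints a tightened variant of the rules above (forward rules pinned to the workstation with -d, optional -s limit on the remote side, IP forwarding enabled) so they can be reviewed and then piped to sh as root. The function names and the addresses in the sample call are assumptions made for illustration; eth0, eth1 and 192.168.0.0/24 are taken from the thread.

```shell
#!/bin/sh
# Added example: prints a tightened rule set for review (dry run).
# eth0/eth1 and 192.168.0.0/24 come from the thread; the addresses in the
# sample call at the bottom are constructed.
EXT_IF=eth0
LAN_IF=eth1
FW_LAN_IP=192.168.0.2   # firewall's own LAN address, must not be the target

# Succeeds only for a host in 192.168.0.0/24 other than the firewall itself.
valid_lan_host() {
    case "$1" in 192.168.0.*) ;; *) return 1 ;; esac
    last=${1#192.168.0.}
    # Reject empty, leading-zero, non-numeric or over-long last octets.
    case "$last" in ''|0*|*[!0-9]*|????*) return 1 ;; esac
    [ "$last" -ge 1 ] && [ "$last" -le 254 ] && [ "$1" != "$FW_LAN_IP" ]
}

# pcany_rules WORKSTATION_IP [TRUSTED_SRC]
# TRUSTED_SRC (address or CIDR) limits which remote side may connect.
pcany_rules() {
    pcany=$1
    valid_lan_host "$pcany" || { echo "bad workstation IP: $pcany" >&2; return 1; }
    # The output is meant to be piped to sh, so reject anything but digits . /
    case "$2" in *[!0-9./]*) echo "bad source: $2" >&2; return 1 ;; esac
    src=${2:+ -s $2}
    for pp in tcp:5631 udp:5632; do
        echo "iptables -t nat -A PREROUTING -i $EXT_IF$src -p ${pp%%:*} --dport ${pp##*:} -j DNAT --to-destination $pcany"
    done
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # -d pins the forward rules to the one workstation, not the whole LAN.
    echo "iptables -A FORWARD -i $EXT_IF -o $LAN_IF$src -d $pcany -p tcp --dport 5631 --syn -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -i $EXT_IF -o $LAN_IF$src -d $pcany -p udp --dport 5632 -m state --state NEW -j ACCEPT"
    # Forwarding must be enabled in the kernel or none of the above matters.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

pcany_rules 192.168.0.10 203.0.113.5   # constructed workstation and admin IPs
```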