iptables help

Lisa Kachold lisakachold at obnosis.com
Fri Apr 29 10:17:11 MST 2011


Well, Brian solved it really; he's incredible.

The rest of us have to read for context against clear documentation and
compare via obnosis.

Glad you fixed it.

On Fri, Apr 29, 2011 at 9:33 AM, Nathan England <nathan at paysonlinux.org> wrote:

> Thank you greatly for the help! I resolved it. One of my lines was
> mistyped, and when I found it I promptly deleted it! Then realized I
> should have posted it so everyone would know what the offending line
> was... sorry.
>
> It was a proper line, but the system would work until I entered that
> rule in, then all would stop. Oh well, it works now! Thanks again!
>
> On Thu, Apr 28, 2011 at 7:40 PM, Lisa Kachold <lisakachold at obnosis.com>
> wrote:
> > Hey Nathan,
> >
> > Howzit goin?
> >
> > Here's that "love":
> >
> > On Thu, Apr 28, 2011 at 5:41 PM, Nathan England <nathan at paysonlinux.org>
> > wrote:
> >>
> >> I'm running a fedora 14 machine with eth0 being internal and eth1
> >> being external. It is set up for transparent proxying with dansguardian
> >> and squid. All works well. I also have apache running for web
> >> development on port 80, and I can access it. However, I want to access
> >> that web server from the outside world. I cannot for the life of me
> >> (at least within the limits of my patience) get port 80 open on the
> >> external interface so I can access the web server.
> >>
> >> Can anyone offer some advice to make iptables show me some love? Or
> >> can I not do this all on the one machine?
> >
> > Dansguardian comes with basic iptables that look something like this:
> >
> > # Allow port 8080 (Dansguardian) to receive connections
> > iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
> >
> > # Redirect port 80 to Dansguardian (port 8080)
> > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
> >
> > # Allow outgoing connections from the LAN side.
> > iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
> >
> > # Masquerade.
> > iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> >
> > # Don't forward from the outside to the inside.
> > iptables -A FORWARD -i eth1 -o eth0 -j REJECT
> >
> > ==end example==
> >
> > So, I assume you aren't doing NAT, but you don't want to have the reject
> > statement?
> >
> > test:
> >
> > # /sbin/iptables-save |grep REJECT
> > # /sbin/iptables-save >file
> > # cp file file-new
> > # vi file-new  == change your order or read your whole tables and edit (or
> > post to the list so we can do it for you)
> > # /sbin/iptables-restore <file-new
> >
> > TEST your internal to external port 80
> >
> > Works? Save
> > # /etc/init.d/iptables save
> >
> > No joy?  Rollback
> > # /sbin/iptables -F (don't do this if you are doing NAT or in production)
> > # /sbin/iptables-restore <file
> > # /etc/init.d/iptables save
> >
> > And remember if you get stuck, post your whole iptables here (obfuscating
> > real ipaddresses, etc) and we will fix it for ya.
> >
> > Also check this great resource:
> >
> > http://www.krr.org/linux/debian/HOWTO_QUICKIE_-_install_dansguardian.php
> >>
> >>
> >> --
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> Nathan England
> >> I believe in the Constitution and the 4th Amendment. I am innocent and
> >> have nothing to hide, but NO agent of the state crosses my threshold
> >> without a valid warrant signed by a judge and properly submitted. If
> >> we fail to exercise our rights, we lose them.
> >
> > --
> > (503) 754-4452 iPhone
> > (623) 239-3392 Skype
> > (623) 688-3392 Google Voice
> >
> >  http://www.it-clowns.com
> >
> > "If Python is executable pseudocode, then perl is executable line noise."
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
>
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Nathan England
> I believe in the Constitution and the 4th Amendment. I am innocent and
> have nothing to hide, but NO agent of the state crosses my threshold
> without a valid warrant signed by a judge and properly submitted. If
> we fail to exercise our rights, we lose them.

-- 
(623) 239-3392 Skype
(623) 688-3392 Google Voice

 http://www.it-clowns.com

"If Python is executable pseudocode, then perl is executable line noise."
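The save/edit/restore procedure in Lisa's reply, written out as an added example for the one change Nathan was after: letting connections that arrive on the external interface reach Apache on port 80. This is not code from the thread or from Dansguardian. It assumes eth0 is the LAN side, eth1 the WAN side, Apache listening on tcp/80 on the firewall itself, and a 60 second rollback window; the sample ruleset is constructed, modelled on the Dansguardian rules quoted above plus a catch-all REJECT on eth1 of the kind that silently shadows an ACCEPT appended after it. The editing function runs offline on iptables-save text; the apply function needs root.

```shell
#!/bin/sh
# Added example for the thread above; not code from the list or from
# Dansguardian. Interface roles (eth0 = LAN, eth1 = WAN), the Apache port
# and the 60 s rollback window are assumptions.

# Constructed iptables-save dump, modelled on the Dansguardian rules quoted
# in the thread plus a catch-all REJECT on eth1. An ACCEPT for port 80 that
# is appended after that REJECT is never reached.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
-A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
'

# open_port PORT DEV: read an iptables-save dump on stdin and write it to
# stdout with "-A INPUT -i DEV -p tcp --dport PORT -j ACCEPT" added to the
# filter table's INPUT chain. The rule is placed before the first REJECT or
# DROP in INPUT (later rules in the chain are never evaluated for a packet
# that rule matched) or, if there is none, just before the table's COMMIT.
# Running it twice with the same arguments changes nothing the second time.
open_port() {
  rules=$(cat)
  rule="-A INPUT -i $2 -p tcp --dport $1 -j ACCEPT"
  if printf '%s\n' "$rules" | grep -qxF -- "$rule"; then
    printf '%s\n' "$rules"
    return 0
  fi
  printf '%s\n' "$rules" | awk -v rule="$rule" '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && !done && ($0 == "COMMIT" || ($0 ~ /^-A INPUT / && $0 ~ /-j (REJECT|DROP)/)) { print rule; done = 1 }
    { print }'
}

# apply_with_rollback PORT DEV: the live version of save -> edit -> restore.
# Needs root. A background timer puts the saved rules back after 60 s unless
# it is killed, so a rule that cuts off remote access undoes itself.
apply_with_rollback() {
  before=$(mktemp) || return 1
  iptables-save > "$before" || return 1
  ( sleep 60 && iptables-restore < "$before" ) &
  timer=$!
  open_port "$1" "$2" < "$before" | iptables-restore || return 1
  echo "Test port $1 on $2 from outside now."
  echo "Works?  kill $timer && /etc/init.d/iptables save"
  echo "No joy? Do nothing; the previous rules return in 60 s."
}

if [ "${1:-}" = "apply" ]; then
  apply_with_rollback 80 eth1
else
  # Dry run on the constructed ruleset: shows where the new rule lands.
  printf '%s' "$SAMPLE_RULES" | open_port 80 eth1
fi
```

Run with no arguments to see the edited ruleset; as root with `apply` it performs the live change. The nat-table REDIRECT in the quoted rules matches only -i eth0, so a packet arriving on eth1 for port 80 is not diverted to Dansguardian and is decided by the filter INPUT chain alone; an INPUT ACCEPT placed before any REJECT is the whole change, and the FORWARD rules play no part for a service running on the firewall itself.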