[plug] iptables not letting me back in through my firewall

Brad Browne brad at mapsolutions.com.au
Mon Oct 15 09:52:57 WST 2001


Hi all,

I have been setting up a machine to do firewalling based on the 2.4 series
of kernels and have basically copied the settings from a Linux Journal
article to get me started.  ppp0 is my adsl connection and eth1 is my
internal interface -- the ip addresses are the ones from the article, not
mine.  Basically, the rules below should masquerade out ppp0, so that all
internal machines can access the web, ftp, etc.  Port 80 is also forwarded
to a machine internally so that my web site is available to the outside
world.  The problem I am having is that my internal machines cannot access
the web site from inside with the fully qualified domain name or external IP
address.  It seems like the traffic is going out of the firewall and can't
get back in (?)  The web site can be accessed from outside (so everyone can
see the web site) but no-one inside the firewall can see the web site.  I am
sure that this situation is not uncommon so I am wondering if anyone has
come up against this problem, and what the solution is.

IPT=/sbin/iptables      # not in the post; $IPT is assumed to be the iptables binary

# User chain shared by INPUT and FORWARD: connection-tracking based filtering
$IPT -t filter -N tcprules
# Replies and related traffic (e.g. ftp-data) coming in on the adsl link
$IPT -A tcprules -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Any new connection from a non-adsl interface (the LAN, loopback)
$IPT -A tcprules ! -i ppp0 -m state --state NEW -j ACCEPT
# New connections from the Internet only on port 80 (the forwarded web site)
$IPT -A tcprules -i ppp0 -p tcp --dport 80 -m state --state NEW -j ACCEPT
# Everything else new or untracked arriving on the adsl link is dropped
$IPT -A tcprules -i ppp0 -m state --state NEW,INVALID -j DROP

# Port forward: anything for the public address on port 80 goes to the web server
$IPT -t nat -A PREROUTING -d 209.127.112.17 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.2:80
# Outbound: LAN traffic leaving ppp0 is rewritten to the public address
$IPT -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j SNAT --to-source 209.127.112.17

$IPT -A INPUT -j tcprules
$IPT -A FORWARD -j tcprules
echo 1 > /proc/sys/net/ipv4/ip_forward


Cheers,

Bradley Browne
GIS Application Specialist
Digital Mapping Solutions

Level 2, 2 Hardy Street
South Perth 6151
Ph: 08 9474 6311   Fax: 08 9474 6411
email: brad at mapsolutions.com.au
http://www.mapsolutions.com.au/
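What the post describes is the classic hairpin (NAT loopback) problem. The PREROUTING DNAT does rewrite an internal client's packet for 209.127.112.17 to 192.168.0.2:80 and FORWARD accepts it, but the web server then replies straight back to the client on the same LAN with source 192.168.0.2, while the client is waiting for a reply from 209.127.112.17, so the connection never completes. Below is an added example (not the poster's rules, and not from the Linux Journal article) of the two extra NAT rules that make the server answer via the firewall. It assumes the same addresses as the post: ppp0 with public address 209.127.112.17, eth1 facing 192.168.0.0/24, and the web server at 192.168.0.2. The script prints the rules by default and only loads them when run as root with the argument "apply".

```shell
#!/bin/sh
# Hairpin NAT rules for the setup in the post above.  Added example; assumes
# the post's addresses (ppp0 = 209.127.112.17, eth1 = 192.168.0.0/24, web
# server 192.168.0.2).  Load it after the post's own rules.

EXT_IF=ppp0
INT_IF=eth1
EXT_IP=209.127.112.17
LAN=192.168.0.0/24
WEB=192.168.0.2

# Wrapper: with DRY_RUN set, print the rule instead of loading it.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# The two rules that make the public address reachable from the LAN.  Both
# are restricted to the hairpin case, so clients that talk to 192.168.0.2
# directly still show their real address in the web server's logs.
hairpin_nat() {
    # 1. LAN packets for the public address: DNAT to the web server.  The
    #    post's PREROUTING rule has no -i and already matches these; this
    #    one makes the eth1 case explicit.
    ipt -t nat -A PREROUTING -i "$INT_IF" -d "$EXT_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB:80"
    # 2. The same connections on their way out of eth1 to the server: rewrite
    #    the source to the firewall's eth1 address (MASQUERADE picks it up, so
    #    it is not hard-coded).  The server now replies to the firewall, which
    #    undoes both translations before handing the reply to the client.
    ipt -t nat -A POSTROUTING -o "$INT_IF" -s "$LAN" -d "$WEB" -p tcp --dport 80 \
        -j MASQUERADE
}

# Emit the rules as text so they can be reviewed without touching the kernel.
show_hairpin_rules() {
    ( DRY_RUN=1; hairpin_nat )
}

# Usage: sh hairpin.sh apply    load the rules (as root)
#        sh hairpin.sh          print them only
if [ "${1:-}" = apply ]; then
    hairpin_nat
else
    show_hairpin_rules
fi
```

To confirm it is working, hit http://209.127.112.17/ from an internal machine and watch the packet counters on the two new rules with "iptables -t nat -L -n -v"; both should increment, and the connection should appear in /proc/net/ip_conntrack with the client address, the public address and the server address all listed. The alternative that avoids NAT altogether is split DNS (or a hosts entry on the internal machines) so the site's name resolves to 192.168.0.2 inside the LAN; that also keeps the real client addresses in the web server's logs.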