Q: Redhat 9.0 IPTables Configuration (No Answer, 0 Comments)
Question  
Subject: Redhat 9.0 IPTables Configuration
Category: Computers > Operating Systems
Asked by: climbingboulder-ga
List Price: $8.00
Posted: 18 Oct 2003 12:49 PDT
Expires: 20 Oct 2003 13:21 PDT
Question ID: 267492
I am trying to set up a pretty simple /etc/sysconfig/iptables file,
but the syntax is failing me.  I have 2 NICs (one front end, one for
the backend):

eth0:  (1.2.3.4)
21/tcp     open        ftp
22/tcp     open        ssh
25/tcp     open        smtp
80/tcp     open        http
110/tcp    open        pop-3
123/tcp    open        ntp
143/tcp    open        imap2
443/tcp    open        https
2401/tcp   open        cvspserver

eth1: (172.16.0.1)
3306/tcp   open        mysql
32768/tcp  open        unknown
32773/tcp  open        sometimes-rpc9

The clearer the iptables file, the better... preferably so that if I
wanted to add a new port on either side I could just copy and paste a
line, changing the port number.

This is for your basic web server that also has ftp and ssh
accounts... so any connections initiated from the server need to be
allowed going outside.

Please post a comment if you need any clarifications to this question.
Thanks
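The following is an added example, not text from the poster or from any Google Answers researcher. It generates the /etc/sysconfig/iptables file (iptables-restore format, which is what `service iptables start` loads on Red Hat 9) for the layout as the question describes it: one host, eth0 public, eth1 internal, no forwarding between them. The port lists are the ones in the question; the internal range 172.16.0.0/16 and the interface names are assumptions. Adding a port on either side means appending a number to the matching list; each list expands to one rule per port, so the generated file still has the one-line-per-port shape the poster asked for.

```shell
# Added example: emit /etc/sysconfig/iptables for a two-NIC Red Hat 9 host.
# Assumptions: eth0 is the public side, eth1 the backend, and the backend
# LAN is 172.16.0.0/16 (the question only gives 172.16.0.1).

PUBLIC_IF=eth0
INTERNAL_IF=eth1
INTERNAL_NET=172.16.0.0/16   # assumption: the backend network

# TCP services reachable from the Internet on eth0 (from the question's scan).
# To open another public port, append its number here.
PUBLIC_TCP_PORTS="21 22 25 80 110 123 143 443 2401"

# TCP services reachable only from the backend network on eth1.
# 32768 and 32773 appear in the question's scan as RPC-range listeners;
# check with netstat -tlnp / rpcinfo -p whether they are needed at all
# before exposing them even internally.
INTERNAL_TCP_PORTS="3306 32768 32773"

# Prints the complete rules file to stdout.
gen_iptables_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is always allowed
-A INPUT -i lo -j ACCEPT
# replies to connections this server initiated come back as ESTABLISHED;
# FTP data channels come back as RELATED once ip_conntrack_ftp is loaded
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# anti-spoofing: backend addresses must never arrive on the public interface
-A INPUT -i $PUBLIC_IF -s $INTERNAL_NET -j DROP
EOF
    # one copy-and-paste-able line per public port
    for p in $PUBLIC_TCP_PORTS; do
        echo "-A INPUT -i $PUBLIC_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # internal ports: interface AND source range are both required
    for p in $INTERNAL_TCP_PORTS; do
        echo "-A INPUT -i $INTERNAL_IF -s $INTERNAL_NET -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
# everything else is refused explicitly rather than silently dropped
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Usage, as root on the server:
#   gen_iptables_rules > /etc/sysconfig/iptables && service iptables restart
#   modprobe ip_conntrack_ftp      # needed for FTP data connections (passive mode)
```

Two caveats a practitioner would want. First, the RELATED rule only covers FTP data connections when the ip_conntrack_ftp module is loaded, so load it at boot as well as once by hand; without it, passive-mode transfers stall even though port 21 is open. Second, NTP runs over UDP 123, not TCP; with OUTPUT set to ACCEPT and the ESTABLISHED rule in place the server can still query upstream time servers, but if it is meant to serve time to other hosts an extra line allowing `-p udp --dport 123` is needed. The FORWARD policy is DROP because the question describes a single host, not a gateway; if the backend machines are meant to reach the Internet through this box, that is the masquerading question raised in the clarification request below and is not handled here.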

Request for Question Clarification by bikerman-ga on 19 Oct 2003 14:44 PDT
Hello, climbingboulder-ga,

I can answer your question, but I need a little more info.  First of
all, I am not quite understanding your network configuration.  Tell me
if I have the correct picture of your network layout:

eth0 (1.2.3.4) is connected to the Internet and eth1 is on your
internal network--both cards are in the same computer and 1.2.3.4 and
172.16.0.1 are two different IPs for the same computer (one on the
external network and one for the internal network).  Do you want
computers on your internal network to be able to access the Internet
using this computer as a gateway?  If so, you will need to have
masquerading set up.  Do you have masquerading set up in another script?
Do you want ports 3306, 32768, and 32773 to only be open to your
internal network (172.16.*), or do you want all requests that come
from the Internet directed to 1.2.3.4:3306, 1.2.3.4:32768, and
1.2.3.4:32773 to be redirected to 172.16.0.1:3306, ...?  This is
called destination NAT, and isn't hard; however, it wouldn't make sense
to do DNAT if 1.2.3.4 and 172.16.0.1 are two IPs for the same
computer.  Are 1.2.3.4 and 172.16.0.1 the same computer, or does eth1
connect to an internal computer whose IP is 172.16.0.1?

If I haven't made my questions clear, please say so.  Firewalling is
fun. :)

Thanks,
Bikerman
Answer  
There is no answer at this time.

Comments  
There are no comments at this time.
