road runner and external connections

E_Rossiter rossiter at discoverynet.com
Sat Apr 27 14:54:16 CDT 2002 

On Friday 26 April 2002 03:22 pm, Marvin Bellamy wrote:
> Has anyone had any difficulty setting their firewalls with redirection
> to intranet boxes to allow connections from the outside world?  I'm
> trying to get ipf and ipnat configured, but nothing seems to be working.
>  I've used tcpdump and I can see the attempts to connection to my web
> server, and I can connect to my web server from my firewall, but
> redirection doesn't seem to be working.  Note that I've had my network
> configured to only allow outgoing connections for at least a year now.
> It's the inbound redirections that aren't working.  Also, I have a
> dynamic IP, so I used a "best guess" of 0/32 to do this. 

 A sample
> ipnat.rules file configured for a dynamic external IP would help a lot.

script is started using format:
firewall start eth0 eth1

Define the necessary variables:
##-----------Default Interfaces----------##

DEFAULT_EXTIF="eth0"

## Get external interface from command line
## If none specified set $DEFAULT-EXTIF as EXTIF
if [ "x$2" != "x" ]; then
  EXTIF=$2
else
  EXTIF=$DEFAULT_EXTIF
fi
echo $EXTIF;sleep 1

# Determine external IP
EXTIP="`ifconfig $EXTIF | grep inet | cut -d : -f 2 | cut -d   -f 1`"
  if [ "$EXTIP" = '' ]; then
    echo "Aborting: Unable to determine the IP-address of $EXTIF !"
    exit 1
  fi

## Determine external gateway
EXTGW=`route -n | grep -A 4 UG | awk '{ print $2}'`

The code above will grab your external ip and gw when you start the script.

##------Port Forwarding Variables------## 

# IP for forwarded HTTP-traffic
#HTTPIP="192.168.100.100"

## Pub serv on firewall (uncomment to activate)
# http
#$IPTABLES -A INPUT -i $EXTIF -p tcp --dport 80 -j TCPACCEPT

## Port forwarding from ports < 1024 (see also chain PREROUTING)
# HTTP-Forwarding
#$IPTABLES -A FORWARD -o $EXTIF -s $HTTPIP -p tcp --sport 80 -j ACCEPT

################
## Prerouting ##
################

## Port-forwarding (see also chain FORWARD)
# HTTP
#$IPTABLES -A PREROUTING -t nat -i $EXTIF -p tcp -d $EXTIP --dport 80 -j DNAT 
-$

All of the above can be found at http://www.linuxguruz.org/iptables.

HTH,
E

More information about the Kclug mailing list