A typical home scenario for the rules on this page: a router that uses NAT and port forwarding both to protect the home network and to expose a web server on that network to the Internet while sharing the firewall's single public IP address.
iptables has become the default firewall package installed under RedHat and Fedora Linux.
Table 1 Processing For Packets Routed By The Firewall
| Queue type | Queue function | Packet transformation chain in queue | Chain function |
|---|---|---|---|
| Filter | Packet filtering | FORWARD | Filters packets routed through the firewall, that is, packets arriving on one NIC and leaving through another toward hosts on a different network. |
| | | INPUT | Filters packets destined to the firewall itself. |
| | | OUTPUT | Filters packets originating from the firewall. |
| Nat | Network address translation | PREROUTING | Translation occurs before the routing decision, so the destination IP address can be rewritten and the packet is then routed according to its new destination. Used for destination NAT (DNAT), for example port forwarding to an internal server. |
| | | POSTROUTING | Translation occurs after the routing decision, so the destination is already settled and only the source IP address is rewritten, either one-to-one or many-to-one. Used for source NAT (SNAT), including MASQUERADE. |
| | | OUTPUT | Network address translation for packets generated by the firewall itself. (Rarely used in SOHO environments.) |
| Mangle | Packet header modification | PREROUTING, POSTROUTING, OUTPUT, INPUT, FORWARD | Modification of header fields such as the IP quality-of-service bits (TOS/DSCP) and TTL, and setting of firewall marks; in PREROUTING this happens before routing. (Rarely used in SOHO environments.) |

Order matters for a packet that is forwarded through the firewall: it passes nat PREROUTING first, then filter FORWARD, then nat POSTROUTING. The filter FORWARD chain therefore matches on the destination address after any DNAT, and the source address is only rewritten after filtering.
Allow ALL Incoming SSH on eth0
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
With the interface assignment used below (eth0 is the internal network), this admits SSH from the LAN only, which is usually what you want; a rule on eth1 would expose SSH to the Internet. The state match is the legacy spelling of the conntrack match, and the ESTABLISHED part only does anything if the INPUT policy is DROP and no general rule already accepts established connections.
Allow Ping to the Firewall
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
These two rules let the firewall itself answer echo requests arriving on any interface. They do not pass pings from outside to hosts on the inside; that traffic is routed, so it would need FORWARD rules (and, with private addresses, NAT) rather than INPUT and OUTPUT rules.
In this example, eth1 is connected to the external network (Internet) and eth0 is connected to the internal network (for example 192.168.1.x). The rule below lets packets that arrive on eth0 be forwarded out through eth1:
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
On its own this is only half of the job: if the FORWARD policy is DROP, the replies coming back from eth1 to eth0 still need a rule accepting established and related connections, and the clients' private addresses must be rewritten by a source NAT rule in the nat POSTROUTING chain before they can reach the Internet.
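The scenario described at the top of the page (NAT for the LAN plus a port-forwarded web server) needs rules in both the nat and filter tables, not just the single FORWARD rule. The script below is an added example and is not part of the original post: it generates the complete ruleset in iptables-restore format so it can be read as a whole, validated, and then loaded atomically. The interface names and LAN range follow the page (eth1 external, eth0 internal, 192.168.1.0/24); the internal web server address 192.168.1.10 and the variable and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Generates an iptables-restore ruleset for a SOHO router with:
#   - many-to-one source NAT (MASQUERADE) for the LAN
#   - port forwarding (DNAT) of public port 80 to an internal web server
#   - a default-deny filter for the firewall itself and for routed traffic
# Assumptions (not given on the page): eth1 = WAN, eth0 = LAN,
# LAN = 192.168.1.0/24, web server = 192.168.1.10 (hypothetical address).

WAN_IF="${WAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WEB_SERVER="${WEB_SERVER:-192.168.1.10}"   # hypothetical internal web server

# gen_ruleset prints the complete ruleset to stdout in iptables-restore format.
# Lines starting with '#' are comments and are ignored by iptables-restore.
gen_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forwarding: rewrite the destination of inbound HTTP on the WAN side.
# DNAT belongs in PREROUTING because it must happen before the routing decision.
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_SERVER:80
# Many-to-one source NAT for the LAN. SNAT belongs in POSTROUTING, after routing;
# MASQUERADE uses whatever address $WAN_IF currently has, so it survives DHCP changes.
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic to the firewall itself: loopback, replies to its own connections,
# SSH from the LAN side only, and rate-limited ping.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $LAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
# Routed traffic: LAN out to the Internet, replies back in, and from the WAN
# only the forwarded web port. FORWARD runs after nat PREROUTING, so the rule
# matches the post-DNAT destination (the internal server), not the public IP.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_SERVER --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# dnat_target prints the --to-destination value the generated ruleset forwards
# public port 80 to, as a quick sanity check before loading.
dnat_target() {
    gen_ruleset | sed -n 's/.*-j DNAT --to-destination \(.*\)$/\1/p'
}

if [ "${1:-}" = "--load" ]; then
    # --test only parses and validates the ruleset; the second call applies it
    # atomically (requires root and the conntrack/nat modules).
    gen_ruleset | iptables-restore --test && gen_ruleset | iptables-restore
else
    gen_ruleset
fi
```

Run it without arguments to print the ruleset for review, or with `--load` as root to validate and apply it. Loading through iptables-restore replaces the whole ruleset in one step, so there is no window in which only half the rules are in place, which is the failure mode of applying a long list of individual `iptables -A` commands from a script.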