Mailing List Archive



[tlug] iptables



Hi,

I want my linux box to port-forward some ports to a LAN raid-5 box
connected to its ethernet port.
The "world" is a wifi network (which has the internet router too).

I made some iptable rules (simple masquerade for packets coming from the
raid-5 box), and port forwarding for the ports I want to send to the raid-5.

It seems to work well (the rules are below, please feel free to comment).

What I would like is to have these rules enabled by default at boot.
I tried to add "pre-up iptables-restore < /etc/iptables.rules" in /etc/network/interfaces,
but it does not work at all (I tried on both interfaces, eth & wifi).

But when I start the script by hand, everything is fine... Magic, isn't it?
Nothing special in /var/log/messages or syslog...

iptables has always been a mystery for me :-)

Any clue?

########################## *THE* local config
LAN_NET="10.0.0.0/8"  # my wifi network
LAN_IP="10.0.1.207"    # my wifi IP
LAN_PORT="rausb0"

DSK_NET="192.168.0.0/16"  # my ethernet network
DSK_IP="192.168.1.1"          # my ethernet IP
DSK_PORT="eth0"
TERA_IP="192.168.1.2"        # raid-5 box IP

[...]

########################## nat
echo "starting NAT..."
iptables -A POSTROUTING -t nat -o ${LAN_PORT} -s ${DSK_NET} -j MASQUERADE

########################## forward/input my ports
# ports 80 and 139 from LAN to DSK (the list is used by both the echo and the loop)
TERA_PORTS="80 139"
echo "routing ports ${TERA_PORTS} to TERA..."
for port in ${TERA_PORTS}
do
  # rewrite the destination of packets arriving for my wifi IP to the raid-5 box
  iptables -t nat -I PREROUTING -p tcp -d ${LAN_IP} --dport ${port} -j DNAT --to-destination ${TERA_IP}
  # let the rewritten packets cross from the wifi side to the raid-5 box
  iptables -A FORWARD -p tcp -i ${LAN_PORT} -d ${TERA_IP} --dport ${port} -j ACCEPT
done

[...]


--
2 + 2 = 5, for very large values of 2.
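A point worth checking in the setup above: iptables-restore does not execute a script of iptables commands, it reads the dump format written by iptables-save (one "*table" block per table, chain policies, the rules, then "COMMIT"). The usual way to obtain /etc/iptables.rules is therefore to run the script by hand and then "iptables-save > /etc/iptables.rules". The following is an added example, not code from the original post: it emits such a dump for the topology described (same addresses and interface names as the post), so the file contents can be reviewed before they are loaded at boot. The filter section is an assumption of mine that goes slightly beyond the post's rules: FORWARD defaults to DROP, only the two forwarded ports and replies to established connections are allowed in, and only the ethernet side may open new connections out.

```shell
#!/bin/sh
# Added example (not part of the original post). Prints an iptables-save
# format ruleset for the post's topology; the stateful filter rules and
# the DROP policy are assumptions, not something the post states.

gen_rules() {
  LAN_PORT="rausb0"          # wifi interface (from the post)
  LAN_IP="10.0.1.207"        # wifi IP (from the post)
  DSK_NET="192.168.0.0/16"   # ethernet network (from the post)
  DSK_PORT="eth0"            # ethernet interface (from the post)
  TERA_IP="192.168.1.2"      # raid-5 box (from the post)
  TERA_PORTS="80 139"        # ports forwarded to the raid-5 box (from the post)

  # nat table: DNAT the forwarded ports, masquerade the LAN behind the wifi IP
  printf '%s\n' '*nat'
  printf '%s\n' ':PREROUTING ACCEPT [0:0]'
  printf '%s\n' ':OUTPUT ACCEPT [0:0]'
  printf '%s\n' ':POSTROUTING ACCEPT [0:0]'
  for port in $TERA_PORTS; do
    printf '%s\n' "-A PREROUTING -i $LAN_PORT -p tcp -d $LAN_IP --dport $port -j DNAT --to-destination $TERA_IP"
  done
  printf '%s\n' "-A POSTROUTING -o $LAN_PORT -s $DSK_NET -j MASQUERADE"
  printf '%s\n' 'COMMIT'

  # filter table (assumed hardening): drop forwarded traffic by default,
  # allow replies, the two published ports, and new connections from the LAN side
  printf '%s\n' '*filter'
  printf '%s\n' ':INPUT ACCEPT [0:0]'
  printf '%s\n' ':FORWARD DROP [0:0]'
  printf '%s\n' ':OUTPUT ACCEPT [0:0]'
  printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  for port in $TERA_PORTS; do
    printf '%s\n' "-A FORWARD -i $LAN_PORT -o $DSK_PORT -p tcp -d $TERA_IP --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  printf '%s\n' "-A FORWARD -i $DSK_PORT -o $LAN_PORT -s $DSK_NET -m conntrack --ctstate NEW -j ACCEPT"
  printf '%s\n' 'COMMIT'
}

# count the rules of one kind in the generated dump, e.g. count_rules DNAT
count_rules() {
  gen_rules | grep -c -- "-j $1"
}

# Run directly: gen_rules > /etc/iptables.rules (as root), then
# iptables-restore < /etc/iptables.rules to test it by hand.
gen_rules
```

Forwarding still needs net.ipv4.ip_forward=1 in /etc/sysctl.conf (or equivalent) independently of the ruleset; iptables-restore loads the rules but does not enable routing.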
