IpTables

From MyLinuxNotes


If you have done a fresh install of Red Hat, ipchains will be your firewall by default. You should definitely switch to iptables.

First you need to stop ipchains:

 /etc/init.d/ipchains stop

Then you need to remove the ipchains module before you can start iptables, since the two cannot be loaded at the same time (and your kernel has to be compiled with iptables/netfilter support):

 rmmod ipchains

Now, to start iptables, first make sure that /etc/sysconfig/iptables exists. If it doesn't, the iptables init script won't start, so create an empty one:

 touch /etc/sysconfig/iptables
 /etc/init.d/iptables start

There are numerous iptables scripts out there to use as a template. Check out http://www.iptables.org/ for more info and HOWTOs.

Port Forwarding

I wanted to be able to forward a port on my firewall to ssh on a box on my local network. Here is what I had to add to my firewall script:

 # $IPT is the firewall script's variable holding the path to the iptables binary
 $IPT -A FORWARD -i eth0 -j ACCEPT
 $IPT -t nat -A PREROUTING -p tcp -d <firewall IP> --dport <port I want to use> -j DNAT --to <internal IP>:22
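The same forward, as an added example that is not the wiki's own firewall script: the DNAT rule is kept, but the FORWARD rule is narrowed to the rewritten destination instead of accepting everything that arrives on eth0, and a dry-run switch prints the rules for review before they are loaded. The interface names, the `run`/`forward_ssh` helpers and the sample addresses are assumptions.

```shell
#!/bin/sh
# Port-forward a public TCP port on the firewall to ssh (tcp/22) on a LAN host.
# Assumptions: eth0 faces the Internet, eth1 faces the LAN, $IPT is the iptables binary.
IPT=${IPT:-iptables}
WAN_IF=eth0
LAN_IF=eth1

# run: print the rule instead of applying it when DRY_RUN=1, so the generated
# rule set can be reviewed (or compared with `iptables-save`) before loading it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$IPT $*"; else $IPT "$@"; fi
}

# forward_ssh <firewall IP> <public port> <internal IP>
forward_ssh() {
    fw_ip=$1; port=$2; int_ip=$3
    # Rewrite the destination before routing so the packet is delivered to the LAN host.
    run -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$fw_ip" --dport "$port" \
        -j DNAT --to-destination "$int_ip:22"
    # DNAT alone does not permit the traffic: FORWARD must accept it. Accept only the
    # rewritten connections to the LAN host's ssh port, not all traffic entering eth0.
    run -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$int_ip" --dport 22 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Replies from the LAN host back out to the Internet.
    run -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp -s "$int_ip" --sport 22 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Routing between interfaces also needs: echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Constructed sample addresses (documentation/private ranges), shown as a dry run.
DRY_RUN=1 forward_ssh 203.0.113.1 2222 192.168.1.10
```

Run with `DRY_RUN=0` (or unset) as root to apply the rules; the FORWARD chain's default policy should be DROP for the narrowing to matter.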