[wellylug] Router/Firewall

Tim Nicholas tim at nicholas.net.nz
Wed Jan 21 16:12:11 NZDT 2004


On 01/21/04 13:24, Jamie Dobbs wrote:
> I need to set up a simple Router/Firewall between two networks here at
> work. I'm thinking a simple Linux box (either Debian or Gentoo) then just
> the appropriate ipchains/iptables commands to send the material between the
> networks.
> The only thing that is eluding me is how to get iptables to forward the
> specific port between networks, and only that port. The port is 5902 and
> let's assume that the networks are 1.2.3.0 and 6.7.8.0 - can someone help
> me out with the appropriate iptables/ipchains commands... as I'm at a loss
> on this one! (I think that with Debian ipchains is my only option? And I
> can't seem to get the Kernel to support either in Gentoo at the
> moment!!!).
> 
> Sorry folks, it's been one of those days!
> 
> Cheers
> 
> Jamie
> 

I imagine that you are looking for something like...

iptables -P FORWARD DROP
# Replies (and related packets such as ICMP errors) for connections that
# were already accepted must be let back through, otherwise the port-5902
# sessions never complete: the return packets have 5902 as their *source*
# port, so a --dport 5902 rule alone does not match them.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 6.7.8.0/24 -d 1.2.3.0/24 -p tcp --dport 5902 \
    -m state --state NEW -j ACCEPT
iptables -A FORWARD -s 1.2.3.0/24 -d 6.7.8.0/24 -p tcp --dport 5902 \
    -m state --state NEW -j ACCEPT

But those are completely untested and may not actually work at all. The 
first one makes sure that everything that doesn't get explicitly allowed 
is denied, and the next two allow the traffic that you want.
Be careful though, I'm no iptables expert and these rules are totally 
untested. YMMV etc.

And don't forget to enable forwarding with something like...

echo "1" > /proc/sys/net/ipv4/ip_forward


-- 
Tim Nicholas                          ||                      Cilix
Email: tim at nicholas.net.nz            ||    Wellington, New Zealand
http://tim.nicholas.net.nz/           ||   Cell/SMS: +64 21 337 204
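A fuller, loadable version of the setup discussed in this thread, added here as an example; it is not code from the original post. It uses the networks and port from the question, but the interface names (eth0 facing 1.2.3.0/24, eth1 facing 6.7.8.0/24), the log prefix and the sysctl.d file name are assumptions for illustration. It generates the rules in iptables-restore format, so the whole filter table is replaced in one atomic step instead of rule by rule, pins each direction to its ingress and egress interface so a host on one side cannot get through by spoofing a source address from the other side, uses the conntrack match (the newer spelling of -m state) to let replies back, and logs what the DROP policy discards.

```shell
#!/bin/sh
# Added example, not code from the original post. A two-network Linux
# router that forwards only TCP/5902 between the two sides, expressed as an
# iptables-restore file so the whole filter table is replaced atomically.
# Interface names, log prefix and sysctl.d file name are assumptions.

NET_A="1.2.3.0/24"   # network behind interface IF_A (from the thread)
NET_B="6.7.8.0/24"   # network behind interface IF_B (from the thread)
IF_A="eth0"          # assumed: router interface facing NET_A
IF_B="eth1"          # assumed: router interface facing NET_B
PORT="5902"          # the only TCP port passed between the networks

# Print the ruleset in iptables-restore format on stdout.
# Binding each direction to its ingress/egress interface means a host on
# NET_B cannot get through by spoofing a NET_A source address.
gen_forward_rules() {
    net_a="$1"; if_a="$2"; net_b="$3"; if_b="$4"; port="$5"
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# packets that do not belong to any tracked connection never get further
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# replies (and related packets such as ICMP errors) for accepted sessions
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new connections to port $port, one rule per direction
-A FORWARD -i $if_a -o $if_b -s $net_a -d $net_b -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $if_b -o $if_a -s $net_b -d $net_a -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
# rate-limited log of what the DROP policy is about to discard
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Count the FORWARD rules in a generated ruleset that accept NEW
# connections; the policy is supposed to have exactly one per direction.
count_new_accepts() {
    printf '%s\n' "$1" | grep -c -- '--ctstate NEW -j ACCEPT'
}

# Parse the ruleset without committing it, then load it. Needs root.
apply_rules() {
    ruleset="$(gen_forward_rules "$NET_A" "$IF_A" "$NET_B" "$IF_B" "$PORT")"
    # --test parses and builds the table but does not commit it (recent iptables)
    printf '%s\n' "$ruleset" | iptables-restore --test || return 1
    printf '%s\n' "$ruleset" | iptables-restore || return 1
    # enable forwarding now and across reboots (file name is an assumption)
    sysctl -w net.ipv4.ip_forward=1
    printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/50-router.conf
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_forward_rules "$NET_A" "$IF_A" "$NET_B" "$IF_B" "$PORT" ;;
esac
```

Run it with no arguments to print the ruleset for review, and as root with `apply` to load it. Because the file declares all three filter chains, loading it replaces any existing INPUT and OUTPUT rules as well; either add those to the generated file or load it with `iptables-restore --noflush` if the box already has a host firewall it should keep.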