Can't remember iptables commands and what youre doing? Its easier to modify the default saved configuration instead of trying to write your own ipchains especially if you do not do this on a daily basis.
step 1: find your iptables config file.
Use "locate iptables | more". This should give a listing of anything related to iptables. Normally this should be in the /etc/sysconfig/ directory
step 2: change your rules using vim
centos: /etc/sysconfig/iptables
openwrt: /etc/firewall.user
and run:
centos # /etc/init.d/iptables restart
openwrt(i think) # /etc/init.d/S45firewall restart
The good news is that in most cases now, the default firewall does give an example of a tcp port and udp port. and openwrt gives a commented version on forwarding ports. e.g.
WAN=$(nvram get wan_ifname)
### Port forwarding
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.0.2
iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.0.2 -j ACCEPT
Note that in this case, the port forwarded does not require the port to be open on the WAN interface. As it means that it will accept on the WAN
Alternatively, here's some iptables commands and basics to get you going. This is basically all I know and I managed to survive somewhat.
probably the 2 commonly used tables is nat and filter. By default it is set to filter so when listing existing firewall rules, you only need to do this:
# iptables -L --line
It is important to note that iptables works in a sequencial way, that means it looks at rule 1 before it looks at rule 2. I've recently started using --line which is really vital if you want an easy way to view what you want to insert to where. e.g. iptables -I INPUT 2 -j ACCEPT --dports 22 -p tcp
To view the nat (network address translation) table
# iptables -L -t nat --line
One of the more important entrys for this table is probably the masquerading for network sharing.
# iptables -A POSTROUTING -j MASQUERADE -t nat
I guess it does look intimidating, but it really isn't when it dawns upon you as in how the logic works.
if you have finished using iptables -I to create your rules, use "# iptables-save > /etc/sysconfig/iptables" to make sure your changes are saved.
More examples:
iptables -I RH-Firewall-1-INPUT 8 -p tcp --dport 80 -j ACCEPT
iptables -D RH-Firewall-1-INPUT 9
step 1: find your iptables config file.
Use "locate iptables | more". This should give a listing of anything related to iptables. Normally this should be in the /etc/sysconfig/ directory
step 2: change your rules using vim
centos: /etc/sysconfig/iptables
openwrt: /etc/firewall.user
and run:
centos # /etc/init.d/iptables restart
openwrt(i think) # /etc/init.d/S45firewall restart
The good news is that in most cases now, the default firewall does give an example of a tcp port and udp port. and openwrt gives a commented version on forwarding ports. e.g.
WAN=$(nvram get wan_ifname)
### Port forwarding
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.0.2
iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.0.2 -j ACCEPT
Note that in this case, the port forwarded does not require the port to be open on the WAN interface. As it means that it will accept on the WAN
Alternatively, here's some iptables commands and basics to get you going. This is basically all I know and I managed to survive somewhat.
probably the 2 commonly used tables is nat and filter. By default it is set to filter so when listing existing firewall rules, you only need to do this:
# iptables -L --line
It is important to note that iptables works in a sequencial way, that means it looks at rule 1 before it looks at rule 2. I've recently started using --line which is really vital if you want an easy way to view what you want to insert to where. e.g. iptables -I INPUT 2 -j ACCEPT --dports 22 -p tcp
To view the nat (network address translation) table
# iptables -L -t nat --line
One of the more important entrys for this table is probably the masquerading for network sharing.
# iptables -A POSTROUTING -j MASQUERADE -t nat
I guess it does look intimidating, but it really isn't when it dawns upon you as in how the logic works.
if you have finished using iptables -I to create your rules, use "# iptables-save > /etc/sysconfig/iptables" to make sure your changes are saved.
More examples:
iptables -I RH-Firewall-1-INPUT 8 -p tcp --dport 80 -j ACCEPT
iptables -D RH-Firewall-1-INPUT 9
Comments