Setup active mode!

Post by Romeo » 11 Dec 2008, 11:32

How do I set up active mode with a Linux based firewall/router?

It depends on what kernel version you are using. With 2.4 you can choose between doing postrouting or the easier
prerouting. The difference is that if you do postrouting, all clients within your internal network (LAN) can connect and
download/upload between each other. Postrouting is not necessary if you are the only client which uses DC behind the
router/firewall. The examples below use the following settings: External ethernet card: eth1, external IP, firewall
(router) IP:, client IP:, external and internal port: 555

Linux 2.4, postrouting example
iptables -t nat -A POSTROUTING -d -s -p tcp --dport 555 -j SNAT --to
iptables -t nat -A POSTROUTING -d -s -p udp --dport 555 -j SNAT --to
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 555 -j DNAT --to
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 555 -j DNAT --to
iptables -t nat -A PREROUTING -d -p tcp --dport 555 -j DNAT --to
iptables -t nat -A PREROUTING -d -p udp --dport 555 -j DNAT --to

Linux 2.4, prerouting example
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 555 -j DNAT --to
iptables -t nat -A PREROUTING -i eth1 -p udp --dport 555 -j DNAT --to

Linux 2.2, example
ipmasqadm portfw -a -P tcp -L 555 -R 555
ipmasqadm portfw -a -P udp -L 555 -R 555

How to use Shorewall to configure your iptables
Here's what you have to add to rules (assuming loc is the zone where your computer is located, is your
computer's IP, 666 is the port you wish to use and is your external IP):
DNAT net loc: tcp 666 -
DNAT net loc: udp 666 -

By http:/forum.RomeoNet.Ro
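
An added example, not part of the original post: a dry-run shell helper that validates the interface, client IP and port, then prints the prerouting DNAT rules for TCP and UDP together with matching FORWARD accepts, so that a default-drop FORWARD chain passes only the one forwarded port. The function names and the client address 192.168.0.10 are assumptions; eth1 and port 555 are taken from the post.

```shell
#!/bin/sh
# Dry run: prints the iptables commands instead of applying them.
# Review the output, then run it as root on the router.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Four dot-separated decimal octets, each 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# port_forward_rules EXT_IF CLIENT_IP PORT  (hypothetical helper)
port_forward_rules() {
    ext_if=$1; client=$2; port=$3
    valid_iface "$ext_if" || { echo "bad interface: $ext_if" >&2; return 1; }
    valid_ipv4 "$client"  || { echo "bad client IP: $client" >&2; return 1; }
    valid_port "$port"    || { echo "bad port: $port" >&2; return 1; }
    for proto in tcp udp; do
        # Rewrite the destination of packets arriving on the external interface.
        echo "iptables -t nat -A PREROUTING -i $ext_if -p $proto --dport $port -j DNAT --to-destination $client:$port"
        # Let only this forwarded port through a default-drop FORWARD chain.
        echo "iptables -A FORWARD -i $ext_if -d $client -p $proto --dport $port -j ACCEPT"
    done
}

# Constructed sample values: eth1 and 555 follow the post, the client IP is made up.
port_forward_rules eth1 192.168.0.10 555
```

After applying the printed rules, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show the packet counters, which confirms whether inbound connections actually hit them.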
