Accessing an internal web server from outside????SOS

SOS!

I urgently need to solve the following problem!
There is a network with a Linux firewall, which has a fixed IP + domain name.
A web server application runs on an internal win20003 server machine... I need to be able to reach it from outside somehow!
Port 80 is taken on the LINUX box, so I would like to redirect, say, port 82...
So:
Port 82 of the external IP needs to be forwarded to port 80 of the internal machine (192.168.2.252).
How can I solve this urgently???
Thanks in advance:
Fgoyo

Comments

UTFG

I hope you have managed to write it down in the meantime; I see you opened several topics as well and everything, so that's how it went for you ;).

OK, fine, I'll be kind-hearted, but I looked through your topics, and you have already had this kind of problem a few times, which in theory you also solved.

# $EXTIF: external interface, $INTIF: internal interface, $IP: address of the internal web server
iptables -t nat -A PREROUTING -i $EXTIF -p tcp -m tcp --dport 82 -j DNAT --to-destination $IP:80
iptables -A FORWARD -i $EXTIF -o $INTIF -d $IP -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -s $IP -p tcp -m tcp --sport 80 -j ACCEPT

Hi!

Thanks for the quick reply, but this still doesn't work for now.
What I would like to achieve exactly is the following:
if someone types in http://www.weblap.hu:82, it should redirect them to port 80 (http) of the internal machine 192.168.2.252.
How can I do that?
(I get my external IP on ppp0; the internal interface towards subnet 2 is eth2)

Thanks in advance!

tiszk-fw:/usr/local/bin# clear
tiszk-fw:/usr/local/bin# iptables
iptables v1.3.5: no command specified
Try `iptables -h' or 'iptables --help' for more information.
tiszk-fw:/usr/local/bin# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
bad_packets all -- anywhere anywhere
DROP all -- anywhere all-systems.mcast.net
ACCEPT all -- 192.168.2.0/24 anywhere
ACCEPT all -- anywhere 192.168.2.255
ACCEPT all -- win2000.gr-szechenyi.inside/24 anywhere
ACCEPT all -- anywhere 192.168.3.255
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
tcp_inbound tcp -- anywhere anywhere
udp_inbound udp -- anywhere anywhere
icmp_packets icmp -- anywhere anywhere
ACCEPT gre -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:3389
DROP all -- anywhere anywhere PKTTYPE = broadcast
LOG all -- anywhere anywhere LOG level warning prefix `fp=INPUT:99 a=DROP '

Chain FORWARD (policy DROP)
target prot opt source destination
bad_packets all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
tcp_outbound tcp -- anywhere anywhere
udp_outbound udp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning prefix `fp=FORWARD:99 a=DROP '
ACCEPT tcp -- 192.168.2.252 anywhere tcp spt:www

Chain OUTPUT (policy DROP)
target prot opt source destination
DROP icmp -- anywhere anywhere state INVALID
ACCEPT all -- localhost anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.2.254 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.3.254 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT gre -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `fp=OUTPUT:99 a=DROP '

Chain bad_packets (2 references)
target prot opt source destination
LOG all -- 192.168.2.0/24 anywhere LOG level warning prefix `fp=bad_packets:2 a=DROP '
DROP all -- 192.168.2.0/24 anywhere
LOG all -- anywhere anywhere state INVALID LOG level warning prefix `fp=bad_packets:1 a=DROP '
DROP all -- anywhere anywhere state INVALID
bad_tcp_packets tcp -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain bad_tcp_packets (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW LOG level warning prefix `fp=bad_tcp_packets:1 a=DROP '
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE LOG level warning prefix `fp=bad_tcp_packets:2 a=DROP '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG LOG level warning prefix `fp=bad_tcp_packets:3 a=DROP '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG LOG level warning prefix `fp=bad_tcp_packets:4 a=DROP '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG LOG level warning prefix `fp=bad_tcp_packets:5 a=DROP '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
LOG tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST LOG level warning prefix `fp=bad_tcp_packets:6 a=DROP '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN LOG level warning prefix `fp=bad_tcp_packets:7 a=DROP '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
RETURN tcp -- anywhere anywhere

Chain icmp_packets (1 references)
target prot opt source destination
LOG icmp -f anywhere anywhere LOG level warning prefix `fp=icmp_packets:1 a=DROP '
DROP icmp -f anywhere anywhere
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
RETURN icmp -- anywhere anywhere

Chain tcp_inbound (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpts:62000:64000
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:1723
ACCEPT gre -- anywhere anywhere

Chain tcp_outbound (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere

Chain udp_inbound (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
RETURN udp -- anywhere anywhere

Chain udp_outbound (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere

I found it in the IPTABLES output:
Chain FORWARD (policy DROP)
target prot opt source destination
bad_packets all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
tcp_outbound tcp -- anywhere anywhere
udp_outbound udp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning prefix `fp=FORWARD:99 a=DROP '
ACCEPT tcp -- 192.168.2.252 anywhere tcp spt:www
ACCEPT tcp -- anywhere 192.168.2.252 tcp dpt:www
ACCEPT tcp -- 192.168.2.252 anywhere tcp spt:www
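
The FORWARD listing above shows the appended rules sitting after the chain's final LOG rule. As an added example (not part of the thread), this script flags that placement from `iptables -L` output; the function names are made up here, and the sample input is the FORWARD chain as posted.

```shell
#!/bin/sh
# Added example, not from the thread: find rules that sit after a chain's
# unconditional LOG rule in `iptables -L` output (where `iptables -A` puts them).

# Sample input: the FORWARD chain as posted at the end of the thread.
sample_forward() {
cat <<'EOF'
Chain FORWARD (policy DROP)
target prot opt source destination
bad_packets all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
tcp_outbound tcp -- anywhere anywhere
udp_outbound udp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG all -- anywhere anywhere LOG level warning prefix `fp=FORWARD:99 a=DROP '
ACCEPT tcp -- 192.168.2.252 anywhere tcp spt:www
ACCEPT tcp -- anywhere 192.168.2.252 tcp dpt:www
ACCEPT tcp -- 192.168.2.252 anywhere tcp spt:www
EOF
}

# Reads `iptables -L` output on stdin. For each chain prints
#   "<chain> log <n>"          position of the first unconditional LOG rule
#   "<chain> late <n> <rule>"  every rule listed after that LOG rule
# <n> matches `iptables -L --line-numbers`. Without -v the listing hides
# interface matches, so "unconditional" is judged on the visible columns only.
audit_chains() {
    awk '
        /^Chain / { chain = $2; n = 0; log_at = 0; next }       # new chain: reset
        NF == 0 || ($1 == "target" && $2 == "prot") { next }    # blank or header
        {
            n++
            if (!log_at && $1 == "LOG" && $2 == "all" &&
                $4 == "anywhere" && $5 == "anywhere" && $6 == "LOG") {
                log_at = n
                print chain " log " n
                next
            }
            if (log_at) { $1 = $1; print chain " late " n " " $0 }
        }'
}

# Hypothetical usage on a live firewall: iptables -L | audit_chains
sample_forward | audit_chains
```

On this listing it reports the LOG rule at position 8 and rules 9 to 11 after it; LOG does not end chain traversal, so those ACCEPT rules still match, but the packets are first logged with the `a=DROP` prefix. Inserting with `iptables -I FORWARD 8 ...` instead of `-A` places a rule ahead of the LOG line.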