I set this up to do NAT in iptables, with the help of Webmin. When I define the NAT box as the gateway for a system, it pings outside just fine, but it can't open a page.
It's worth mentioning that Squid is also installed on this server, and the clients can't open pages even on port 3128.
Here are the contents of iptables.conf
Code:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
# Webmin temporary Access
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 172.27.1.0/24 --dport 10000 -j ACCEPT
# 3128 temp
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
# Apache Temporary Access
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 81 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Forward HTTP connections to Squid proxy
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
# Temporary NAT
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed
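An added check (example code, not the poster's) that parses the iptables-save dump above and answers two things worth knowing about this gateway before chasing the Squid problem: which ACCEPT rules carry no interface or source restriction (so they also answer on the WAN side), and which interfaces the REDIRECT and MASQUERADE rules bind to. That eth0 is the LAN side and eth1 the WAN side is an assumption read off the NAT rules.

```python
import shlex

# Constructed input: the rules from the post that matter for this check
# (eth0 = LAN, eth1 = WAN is an assumption read off the NAT rules).
RULES = """\
*filter
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp -s 172.27.1.0/24 --dport 10000 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 81 -j ACCEPT
COMMIT
*nat
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""


def parse_rules(dump):
    """Turn every '-A' line of an iptables-save dump into (table, {option: value})."""
    table, rules = None, []
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            toks = shlex.split(line)
            opts, i = {"chain": toks[1]}, 2
            while i < len(toks):
                # an option takes a value unless the next token is itself an option
                has_val = i + 1 < len(toks) and not toks[i + 1].startswith("-")
                opts[toks[i]] = toks[i + 1] if has_val else True
                i += 2 if has_val else 1
            rules.append((table, opts))
    return rules


def wan_reachable_ports(dump):
    """ACCEPTed ports in the filter table with neither -i nor -s: on a gateway
    these answer on the WAN interface too, not just to LAN clients."""
    return sorted(int(o["--dport"]) for t, o in parse_rules(dump)
                  if t == "filter" and o.get("-j") == "ACCEPT"
                  and "--dport" in o and "-i" not in o and "-s" not in o)


def nat_interfaces(dump):
    """(interface whose HTTP is redirected to Squid, interface MASQUERADE leaves by)."""
    nat = [o for t, o in parse_rules(dump) if t == "nat"]
    redirect = next(o["-i"] for o in nat if o.get("-j") == "REDIRECT")
    masq = next(o["-o"] for o in nat if o.get("-j") == "MASQUERADE")
    return redirect, masq
```

For the posted rules this reports ports 22, 81 and 3128 as reachable without any interface or source restriction, and REDIRECT on eth0 with MASQUERADE out eth1; the Webmin rule (10000) is excluded because it is limited to 172.27.1.0/24.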