iptables

Discussion of programming on Linux, including shell scripting, perl, python, c/c++, mono, java. Whatever tickles your fancy.


Postby venky145 » Thu Mar 01, 2007 1:56 pm

Hi,

On my Linux box I am using 2 firewall scripts. One is

FIRST SCRIPT

iptables -t nat -F
echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -p tcp -o eth0 --dport 5050 -j MASQUERADE
iptables -I INPUT -p tcp -s 0/0 -d 0/0 --dport 3128 -j DROP
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 5050 -j REDIRECT --to-port 3128

/sbin/iptables -t nat -A POSTROUTING -s 20.0.1.1/32 -d 0/0 -j MASQUERADE
/sbin/iptables -I INPUT -p tcp -s 20.0.1.1/32 -d 0/0 --dport 3128 -j ACCEPT


SECOND SCRIPT

/sbin/iptables -t nat -A POSTROUTING -s 20.0.1.2/32 -d 0/0 -j MASQUERADE
/sbin/iptables -I INPUT -p tcp -s 20.0.1.2/32 -d 0/0 --dport 3128 -j ACCEPT


MY CRON

* 21 * * * exec /bin/SECOND SCRIPT
* 09 * * * exec /bin/FIRST SCRIPT



My problem is:
If cron executes the SECOND SCRIPT, the 20.0.1.2 IP address entry is added to the iptables list (iptables -L),

but if crond executes the FIRST SCRIPT, iptables is not flushing, and on re-entering, the FIRST SCRIPT entries are being added.

Please tell me how to completely flush and re-enter the iptables through a cron job... My OS is Fedora Core 2.

Re: iptables

Postby kbukhari » Thu Mar 01, 2007 5:01 pm

venky145 wrote:
please tell me how to completely flush and re-enter the iptables through a cron job... My OS is Fedora Core 2.


Add

iptables -t nat -F

and

iptables -F

to the second script.

Postby nomankhn » Thu Mar 01, 2007 6:52 pm

Dear Friend,

I changed your script, so you can use this script.


FIRST SCRIPT

ipt=/sbin/iptables

# flush the filter table as well; "-t nat -F" alone leaves the INPUT rules in place
$ipt --flush
$ipt --table nat --flush
$ipt --table mangle --flush
# delete user-defined chains
$ipt --delete-chain
$ipt --table nat --delete-chain

/bin/echo "1" > /proc/sys/net/ipv4/ip_forward

$ipt -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 80 -j REDIRECT --to-port 3128
$ipt -t nat -A POSTROUTING -p tcp -o eth0 --dport 5050 -j MASQUERADE
$ipt -I INPUT -p tcp -s 0/0 -d 0/0 --dport 3128 -j DROP
$ipt -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 5050 -j REDIRECT --to-port 3128

$ipt -t nat -A POSTROUTING -s 20.0.1.1/32 -d 0/0 -j MASQUERADE
$ipt -I INPUT -p tcp -s 20.0.1.1/32 -d 0/0 --dport 3128 -j ACCEPT


SECOND SCRIPT

ipt=/sbin/iptables

$ipt -t nat -A POSTROUTING -s 20.0.1.2/32 -d 0/0 -j MASQUERADE
$ipt -I INPUT -p tcp -s 20.0.1.2/32 -d 0/0 --dport 3128 -j ACCEPT

If you tell me your scenario, I will write a script for you; first make your scenario clear here, and then I will write back.

Regards
Noman Liaquat Khanzada Rajput
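
Both replies come down to the same point: the first script's "iptables -t nat -F" empties only the nat table, while the INPUT ACCEPT and DROP rules live in the filter table, so every run leaves the previous run's filter rules in place and "iptables -L" keeps growing. A complete reset has to flush rules and delete user chains in every table and then rebuild the whole rule set from scratch. The script below is an added example, not code from any post in this thread. It assumes eth0 is the upstream interface, the proxy listens on 3128, the allowed clients are passed as arguments, and an install path of /usr/local/sbin/proxy-rules.sh for the crontab lines; the DRY_RUN switch, the sysctl call and the function names are mine. Two things worth checking against the posted crontab as well: "* 21 * * *" runs the command every minute from 21:00 to 21:59 (the minute field should be 0), and a command containing a space such as "/bin/SECOND SCRIPT" is split into a program and an argument by the shell cron uses, so a name with a space must be quoted.

```shell
#!/bin/sh
# Added example (not from the thread): reset every netfilter table and rebuild
# the rule set from scratch on each run, so cron never inherits stale rules.
# Assumptions, not taken from the original posts: eth0 is the upstream
# interface, the proxy listens on 3128, clients are passed as arguments, and
# DRY_RUN=1 prints the commands instead of executing them.
set -e

IPT="${IPT:-/sbin/iptables}"
EXT_IF="${EXT_IF:-eth0}"
PROXY_PORT="${PROXY_PORT:-3128}"

# Execute a command, or only print it when DRY_RUN is set, so the generated
# rule set can be reviewed as an unprivileged user before cron loads it as root.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# "iptables -t nat -F" empties only the nat table. The INPUT ACCEPT/DROP rules
# live in the filter table, so they accumulate unless that table is flushed too.
# Flush rules, delete user chains and zero counters in every table, then reset
# the built-in filter policies to a known state.
reset_tables() {
    for table in filter nat mangle; do
        run "$IPT" -t "$table" -F
        run "$IPT" -t "$table" -X
        run "$IPT" -t "$table" -Z
    done
    for chain in INPUT FORWARD OUTPUT; do
        run "$IPT" -P "$chain" ACCEPT
    done
}

# Rules every run needs: forwarding on, and web traffic on 80 and 5050
# transparently redirected to the local proxy port (as in the first script).
base_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    for port in 80 5050; do
        run "$IPT" -t nat -A PREROUTING -p tcp --dport "$port" -j REDIRECT --to-ports "$PROXY_PORT"
    done
}

# Per-client rules: let the client reach the proxy port and masquerade its
# other traffic leaving through the upstream interface.
allow_client() {
    run "$IPT" -A INPUT -p tcp -s "$1/32" --dport "$PROXY_PORT" -j ACCEPT
    run "$IPT" -t nat -A POSTROUTING -s "$1/32" -o "$EXT_IF" -j MASQUERADE
}

# Full rebuild: reset, base rules, one ACCEPT per listed client, then a single
# DROP on the proxy port as the last INPUT rule. Everything is appended (-A),
# so the order is explicit instead of relying on -I pushing rules to the front.
apply_ruleset() {
    reset_tables
    base_rules
    for ip in "$@"; do
        allow_client "$ip"
    done
    run "$IPT" -A INPUT -p tcp --dport "$PROXY_PORT" -j DROP
}

# Print the commands a run would execute, without touching the kernel.
preview_ruleset() {
    ( DRY_RUN=1; apply_ruleset "$@" )
}

# Root crontab (assumed install path). Minute field 0, not "*", otherwise the
# script is re-run every minute of that hour:
#   0 9  * * * /usr/local/sbin/proxy-rules.sh 20.0.1.1
#   0 21 * * * /usr/local/sbin/proxy-rules.sh 20.0.1.1 20.0.1.2
if [ "$#" -gt 0 ]; then
    apply_ruleset "$@"
fi
```

Run it once by hand with DRY_RUN=1 (or call preview_ruleset) and read the printed commands before letting cron load them as root; because every client ACCEPT is appended before the final DROP on the proxy port, the DROP is always the last INPUT rule, and each run starts from empty tables, so running the 09:00 and 21:00 jobs in any order gives the same result.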

Postby nomankhn » Sat Mar 03, 2007 5:52 pm

Dear venky145,

Did you use my solution? Is your problem solved, or do you still have issues? If there is no problem, that is good; if there is still a problem, then kindly let us know.

Regards
Noman Liaquat Khanzada Rajput