iptables

venky145
Havaldaar
Posts: 118
Joined: Thu Jan 13, 2005 2:35 pm
Location: qatar

iptables

Postby venky145 » Thu Mar 01, 2007 1:56 pm

Hi

On my Linux box I am using two firewall scripts. One is

FIRST SCRIPT

#!/bin/sh
# flushes the nat table only; the filter table (where the INPUT rules go) is not flushed
iptables -t nat -F
echo "1" > /proc/sys/net/ipv4/ip_forward

# transparent proxy: redirect port 80 and port 5050 to squid on 3128
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -p tcp -o eth0 --dport 5050 -j MASQUERADE
# block the proxy port by default; the per-client ACCEPT rules are inserted above this one
iptables -I INPUT -p tcp -s 0/0 -d 0/0 --dport 3128 -j DROP
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 5050 -j REDIRECT --to-port 3128

# client 20.0.1.1: masquerade its traffic and allow it to reach the proxy
/sbin/iptables -t nat -A POSTROUTING -s 20.0.1.1/32 -d 0/0 -j MASQUERADE
/sbin/iptables -I INPUT -p tcp -s 20.0.1.1/32 -d 0/0 --dport 3128 -j ACCEPT


SECOND SCRIPT

#!/bin/sh
# client 20.0.1.2: added on top of whatever is already loaded; nothing is flushed here
/sbin/iptables -t nat -A POSTROUTING -s 20.0.1.2/32 -d 0/0 -j MASQUERADE
/sbin/iptables -I INPUT -p tcp -s 20.0.1.2/32 -d 0/0 --dport 3128 -j ACCEPT


MY CRON

# minute 0 of 21:00 and 09:00 (a "*" in the minute field would run the script every minute of that hour)
0 21 * * * exec /bin/SECOND SCRIPT
0 09 * * * exec /bin/FIRST SCRIPT



My problem is:
if cron executes the SECOND SCRIPT, the 20.0.1.2 IP address entry is added to the iptables list (iptables -L),

but if crond executes the FIRST SCRIPT, iptables is not flushed and re-entered; the FIRST SCRIPT entries are added again.

Please tell me how to completely flush and re-enter the iptables rules through a cron job. My OS is Fedora Core 2.

kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore

Re: iptables

Postby kbukhari » Thu Mar 01, 2007 5:01 pm

--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com

nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby nomankhn » Thu Mar 01, 2007 6:52 pm

Dear Friend,

I have changed your script, so use this script instead.


FIRST SCRIPT

#!/bin/sh
ipt=/sbin/iptables

# flush every rule in the filter, nat and mangle tables and remove user-defined chains,
# so that the rules added below are the only ones present after each run
$ipt --flush
$ipt --table nat --flush
$ipt --table mangle --flush
$ipt --delete-chain
$ipt --table nat --delete-chain

/bin/echo "1" > /proc/sys/net/ipv4/ip_forward

# transparent proxy: redirect port 80 and port 5050 to squid on 3128
$ipt -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 80 -j REDIRECT --to-port 3128
$ipt -t nat -A POSTROUTING -p tcp -o eth0 --dport 5050 -j MASQUERADE
# block the proxy port by default; the per-client ACCEPT rules are inserted above this one
$ipt -I INPUT -p tcp -s 0/0 -d 0/0 --dport 3128 -j DROP
$ipt -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 5050 -j REDIRECT --to-port 3128

# client 20.0.1.1
$ipt -t nat -A POSTROUTING -s 20.0.1.1/32 -d 0/0 -j MASQUERADE
$ipt -I INPUT -p tcp -s 20.0.1.1/32 -d 0/0 --dport 3128 -j ACCEPT


SECOND SCRIPT

#!/bin/sh
ipt=/sbin/iptables

# client 20.0.1.2, added on top of the rules loaded by the first script
$ipt -t nat -A POSTROUTING -s 20.0.1.2/32 -d 0/0 -j MASQUERADE
$ipt -I INPUT -p tcp -s 20.0.1.2/32 -d 0/0 --dport 3128 -j ACCEPT

If you tell me your scenario, I will write a script back to you; first clarify your scenario here, and then I will write back.

Regards

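A different way to get the "complete flush and re-enter" the original post asks for, added here as an example and not code from either poster: render the whole ruleset as an iptables-save dump and load it with iptables-restore, which replaces each table named in the dump in one step. Because every run replaces the nat and filter tables outright, running it from cron any number of times never leaves duplicate rules, and the 09:00 and 21:00 jobs differ only in which client addresses are passed in. Assumptions not taken from the thread: eth0 is the outside interface, squid listens on 3128, the client IPs are given as arguments, and the script path /usr/local/sbin/fw.sh in the comment is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original thread. Build the complete ruleset in
# iptables-save format and hand it to iptables-restore, which replaces the
# nat and filter tables atomically, so re-running from cron cannot duplicate rules.
# Assumed (not from the post): eth0 is the outside interface, squid is on 3128,
# allowed clients are passed as arguments. Hypothetical crontab lines:
#   0 9  * * * /usr/local/sbin/fw.sh 20.0.1.1
#   0 21 * * * /usr/local/sbin/fw.sh 20.0.1.1 20.0.1.2

WAN_IF=${WAN_IF:-eth0}
PROXY_PORT=${PROXY_PORT:-3128}

# render_ruleset CLIENT_IP... : print an iptables-save style dump to stdout
render_ruleset() {
    printf '%s\n' '*nat'
    printf '%s\n' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # transparent proxy: web and port-5050 traffic goes to squid
    printf '%s\n' "-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"
    printf '%s\n' "-A PREROUTING -p tcp --dport 5050 -j REDIRECT --to-ports $PROXY_PORT"
    for c in "$@"; do
        printf '%s\n' "-A POSTROUTING -s $c/32 -o $WAN_IF -j MASQUERADE"
    done
    printf '%s\n' 'COMMIT'

    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # listed clients may reach the proxy port, everyone else is dropped;
    # order matters, so the ACCEPT lines are emitted before the DROP
    for c in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $c/32 --dport $PROXY_PORT -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -p tcp --dport $PROXY_PORT -j DROP"
    printf '%s\n' 'COMMIT'
}

# count_rules_for IP FILE : number of rules in FILE whose source is IP
count_rules_for() {
    grep -c -- "-s $1/32 " "$2"
}

# drop_line_number FILE : line number of the INPUT DROP rule in FILE
drop_line_number() {
    grep -n -- "--dport $PROXY_PORT -j DROP" "$1" | cut -d: -f1
}

# accept_line_number IP FILE : line number of IP's INPUT ACCEPT rule in FILE
accept_line_number() {
    grep -n -- "-s $1/32 --dport $PROXY_PORT -j ACCEPT" "$2" | cut -d: -f1
}

# apply_ruleset CLIENT_IP... : write the dump and load it. Loading needs root
# and only happens when APPLY=1, so the script is safe to source for testing.
apply_ruleset() {
    tmp=$(mktemp) || return 1
    render_ruleset "$@" > "$tmp"
    rc=0
    if [ "${APPLY:-0}" = 1 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
        iptables-restore < "$tmp"
        rc=$?
    fi
    rm -f "$tmp"
    return $rc
}
```

iptables-restore only touches the tables named in the dump (nat and filter here); the mangle table is left alone, so add a `*mangle` section if that table is in use too. Since the dump is a plain file, it can also be reviewed or diffed before it is loaded, which a sequence of individual iptables calls does not allow.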


nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Postby nomankhn » Sat Mar 03, 2007 5:52 pm

Dear venky145,

Did you use my solution? Is your problem solved, or do you still have issues? If there is no problem, that is good; if there is still a problem, then kindly let us know.

Regards



