Hi,
On my Linux box I am using 2 firewall scripts. One is
FIRST SCRIPT
iptables -t nat -F
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -p tcp -o eth0 --dport 5050 -j MASQUERADE
iptables -I INPUT -p tcp -s 0/0 -d 0/0 --dport 3128 -j DROP
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 5050 -j REDIRECT --to-port 3128
/sbin/iptables -t nat -A POSTROUTING -s 20.0.1.1/32 -d 0/0 -j MASQUERADE
/sbin/iptables -I INPUT -p tcp -s 20.0.1.1/32 -d 0/0 --dport 3128 -j ACCEPT
SECOND SCRIPT
/sbin/iptables -t nat -A POSTROUTING -s 20.0.1.2/32 -d 0/0 -j MASQUERADE
/sbin/iptables -I INPUT -p tcp -s 20.0.1.2/32 -d 0/0 --dport 3128 -j ACCEPT
MY CRON
# minute field set to 0 so each script runs once at the hour, not every minute of it
0 21 * * * exec /bin/SECOND SCRIPT
0 09 * * * exec /bin/FIRST SCRIPT
My problem is:
If cron executes the SECOND SCRIPT, the 20.0.1.2 IP address entry is added to the iptables list (iptables -L),
but if crond executes the FIRST SCRIPT, iptables is not flushed; the FIRST SCRIPT entries are just re-entered and added again.
Please tell me how to completely flush and re-enter the iptables rules through a cron job. My OS is Fedora Core 2.
iptables
Re: iptables
addvenky145 wrote: Hi,
On my Linux box I am using 2 firewall scripts. One is
FIRST SCRIPT
iptables -t nat -F
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -p tcp -o eth0 --dport 5050 -j MASQUERADE
iptables -I INPUT -p tcp -s 0/0 -d 0/0 --dport 3128 -j DROP
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 5050 -j REDIRECT --to-port 3128
/sbin/iptables -t nat -A POSTROUTING -s 20.0.1.1/32 -d 0/0 -j MASQUERADE
/sbin/iptables -I INPUT -p tcp -s 20.0.1.1/32 -d 0/0 --dport 3128 -j ACCEPT
SECOND SCRIPT
/sbin/iptables -t nat -A POSTROUTING -s 20.0.1.2/32 -d 0/0 -j MASQUERADE
/sbin/iptables -I INPUT -p tcp -s 20.0.1.2/32 -d 0/0 --dport 3128 -j ACCEPT
MY CRON
# minute field set to 0 so each script runs once at the hour, not every minute of it
0 21 * * * exec /bin/SECOND SCRIPT
0 09 * * * exec /bin/FIRST SCRIPT
My problem is:
If cron executes the SECOND SCRIPT, the 20.0.1.2 IP address entry is added to the iptables list (iptables -L),
but if crond executes the FIRST SCRIPT, iptables is not flushed; the FIRST SCRIPT entries are just re-entered and added again.
Please tell me how to completely flush and re-enter the iptables rules through a cron job. My OS is Fedora Core 2.
iptables -t nat -F
and
iptables -F
on the second script
Dear Friend,
I changed your script, so use this script.
FIRST SCRIPT
#!/bin/sh
ipt=/sbin/iptables
# flush every rule in the filter, nat and mangle tables, then remove user-defined chains
$ipt --flush
$ipt --table nat --flush
$ipt --table mangle --flush
$ipt --delete-chain
$ipt --table nat --delete-chain
/bin/echo "1" > /proc/sys/net/ipv4/ip_forward
$ipt -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 80 -j REDIRECT --to-port 3128
$ipt -t nat -A POSTROUTING -p tcp -o eth0 --dport 5050 -j MASQUERADE
$ipt -I INPUT -p tcp -s 0/0 -d 0/0 --dport 3128 -j DROP
$ipt -t nat -A PREROUTING -p tcp -s 0/0 -d 0/0 --dport 5050 -j REDIRECT --to-port 3128
$ipt -t nat -A POSTROUTING -s 20.0.1.1/32 -d 0/0 -j MASQUERADE
$ipt -I INPUT -p tcp -s 20.0.1.1/32 -d 0/0 --dport 3128 -j ACCEPT
SECOND SCRIPT
#!/bin/sh
ipt=/sbin/iptables
# append the extra client without flushing; the FIRST SCRIPT clears it again
$ipt -t nat -A POSTROUTING -s 20.0.1.2/32 -d 0/0 -j MASQUERADE
$ipt -I INPUT -p tcp -s 20.0.1.2/32 -d 0/0 --dport 3128 -j ACCEPT
If you tell me your scenario then I will write a script for you; first describe your scenario here, and then I will write back.
Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
We all love Linux, but it's also a fact that some people might not be able to migrate.
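The answer above flushes and then re-appends rules one command at a time, which leaves a short window with no rules loaded (default policy ACCEPT, so fail-open) and, if a run is interrupted or repeated, can leave the box half-configured or with duplicate rules. The script below is an added example, not a script from this thread, showing how to do the same job as a single atomic iptables-restore load from cron. It assumes, as the original scripts do, a proxy listening on port 3128 and an uplink on eth0; the client addresses passed as arguments, the install path /usr/local/sbin/proxy-fw and the IPT_APPLY variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not a script from this thread. It replaces the
# flush-then-append sequence with one atomic iptables-restore load, so the
# box is never left with an empty (fail-open, default-policy ACCEPT) ruleset
# between the flush and the re-add, and repeated runs never stack duplicate
# rules. Assumptions not stated in the thread: the proxy listens on 3128
# on this host and the uplink interface is eth0, as in the original
# scripts; the clients allowed to use the proxy are passed as arguments.

PROXY_PORT=3128
UPLINK=eth0

# Print a complete ruleset in iptables-save format for the given client
# addresses. Nothing is applied here, so this can be tested without root.
build_rules() {
    # Filter table: one explicit ACCEPT per client, then a DROP for everyone
    # else. The order is fixed by construction, so the DROP can never end
    # up ahead of an ACCEPT the way a misplaced -I/-A can.
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for host in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $host/32 --dport $PROXY_PORT -j ACCEPT"
    done
    printf '%s\n' "-A INPUT -p tcp --dport $PROXY_PORT -j DROP" 'COMMIT'

    # NAT table: transparent redirect of web and port-5050 traffic into the
    # proxy, plus masquerading for each permitted client.
    printf '%s\n' '*nat' \
        ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' "-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT" \
        "-A PREROUTING -p tcp --dport 5050 -j REDIRECT --to-ports $PROXY_PORT" \
        "-A POSTROUTING -p tcp -o $UPLINK --dport 5050 -j MASQUERADE"
    for host in "$@"; do
        printf '%s\n' "-A POSTROUTING -s $host/32 -j MASQUERADE"
    done
    printf '%s\n' 'COMMIT'
}

# Number of ACCEPT rules for the proxy port in a ruleset read from stdin;
# handy for checking what build_rules produced before loading it.
count_allowed() {
    grep -c -- "--dport $PROXY_PORT -j ACCEPT"
}

# Load the ruleset in one transaction. iptables-restore replaces every table
# named in its input, so a rule for a client omitted from this run (the
# 20.0.1.2 entry from the evening run, say) cannot survive the morning run.
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    build_rules "$@" | /sbin/iptables-restore
}

# Run with IPT_APPLY=1 to actually load the rules (needs root); without it
# the script only prints the ruleset, which is useful for review.
# Assumed crontab entries, with the script installed as /usr/local/sbin/proxy-fw:
#   0 21 * * * IPT_APPLY=1 /usr/local/sbin/proxy-fw 20.0.1.1 20.0.1.2
#   0  9 * * * IPT_APPLY=1 /usr/local/sbin/proxy-fw 20.0.1.1
if [ "${IPT_APPLY:-0}" = 1 ]; then
    apply_rules "$@"
else
    build_rules "$@"
fi
```

build_rules only prints the ruleset, so it can be reviewed or diffed against the output of iptables-save without root; apply_rules is the only part that touches the kernel. The default policies stay ACCEPT, as in the thread's scripts, which only guard the proxy port. Note also that iptables -L shows only the filter table; the REDIRECT and MASQUERADE rules have to be checked with iptables -t nat -L.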
Dear venky145,
Did you use my solution? Is your problem solved, or do you still have issues? If there is no problem, that is good; if there is still a problem then kindly let us know.
Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
We all love Linux, but it's also a fact that some people might not be able to migrate.