Linux - Setting up iptables firewall rules (Video 2 of 4 for setting up Linux Router/Gateway)

Read:

In this video, I show you how to setup iptables/firewall/NAT on your DHCP server. This is the second video of having a linux box running as a DHCP server, gateway, and router of any given network. We touch on iptables and how to set it up with various commands.

Thank you, Shane.

(The written version is being revised to reflect /etc/sysctl.conf changes)

Notes:

If you use debian or anything debian based, I cannot and will not help you. Do not ask for help on those distributions. Especially ubuntu.

Prerequisits:
-You followed the first video
-DHCP is running correctly (make sure you have tested this)

You can follow along completely if you use these distributions:
--Fedora
--CentOS

Commands to note:
vi -- It's an editor in linux. i for insert, o for a new line, shift+g to go to the end of the file, ESC for command mode. :wq saves your file (zz does too).
nano -- Another editor in linux, much easier to use.
pico --Alternative to nano if not available.
services name restart --name being the name of the service
iptables -t (table) -A --The command to create iptables rules. (table) being nat or filter.

NOTE: Edit the /etc/sysctl.conf file and find the line that says net.ipv4.ip_forward. Set it to 1. This will make it work!

http://www.youtube.com/watch?v=ES53ZpVnEpQ

Files/Folders to note:
/etc/sysconfig/iptables -- The file where iptables information is stored.
Example: http://dpaste.com/hold/604959/

Useful link: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_...

FAQ:

1. Can I forward more than one port to any IP's through iptables?
A. Yes you can, just make sure you use PREROUTING and FORWARD rules respectively.

2. Can I forward the same port to more than one IP address in iptables?
A. No, you cannot. However, if you're playing StarCraft with two people on a LAN and playing online and want both computers to be able to host, open up 6113 for their IP address. And then it's up to you to use chaoslauncher and change the port number on their computer to 6113 for starcraft. In regedit, you can add a DWORD value to "HKEY_CURRENT_USER\Software\Battle.net\Configuration" and "HKEY_LOCAL_MACHINE\SOFTWARE\Battle.net\Configuration" called "Game Data Port", and put in 6113 using decimal. That should do it too. There is a small chance this will even work in the first place.
5. For some reason, no one on the network can connect to the internet. What happened?
A. In the video, I forgot to explain that you need to edit /etc/sysctl.conf and change the ip forwarding to 1. You can watch here to get the idea: http://www.youtube.com/watch?v=ES53ZpVnEpQ

Category:

Howto & Style

Tags:

• linux
• cent
• centos
• os
• rpm
• yum
• install
• router
• dhcp
• command
• line
• commandline
• bash
• shell
• root
• firewall
• rule
• rules
• iptables
• ip
• iptable

License:

Standard YouTube License