Hello All,
I would like to ask you very kindly for help with my /etc/sysconfig/iptables file.
I have to set up port forwarding on a RHEL6 router. Users from the public network must be able to ssh
to servers in the private network behind the RHEL6 router. The problem is that the servers in the private network must be isolated.
My boss requires that there be no possibility of a connection from the private network to any remote network behind the RHEL6 router.
I am not able to DROP any traffic coming from the private network.
I set up port forwarding on the router from the public network to the private network easily, but I am not able to force the router to drop any traffic coming from the private network to the outside unless I break port forwarding.
Here is an example of my /etc/sysconfig/iptables file. Please help with a line that would drop all outgoing traffic from the private network but keep port forwarding working.
cat /etc/sysconfig/iptables
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
-A INPUT -p all -j DROP
#
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination 192.168.0.3:22
COMMIT
BTW: ssh on the router is running on port 2222.
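The usual way to get both behaviours at once is to keep the DNAT rule as it is and move the decision into the filter table's FORWARD chain: forwarded packets are only accepted when they belong to an already established connection or when they are a new connection coming in on the public interface that PREROUTING has already rewritten to the private SSH server. A new connection originating on the private side matches neither and is dropped (and logged, so the blocked attempts are visible in the kernel log). The following is an added example, not the poster's file: it assumes eth0 is the public interface and 192.168.0.3 the private server, as in the post, and assumes the private side is eth1. The MASQUERADE rule is left out because no private-originated connection is ever forwarded, so there is nothing left to masquerade. The script prints the finished /etc/sysconfig/iptables content and includes a small check of the invariants the isolation relies on, which can be run before the file is loaded with iptables-restore.

```shell
#!/bin/sh
# Added example (not from the original post): an /etc/sysconfig/iptables that
# keeps public -> private SSH forwarding working while refusing every
# connection the private network tries to open towards the outside.
# Assumptions: eth0 = public interface (as in the post), eth1 = private
# interface (assumed), 192.168.0.3 = private SSH server (as in the post).

PUB_IF="eth0"
PRIV_IF="eth1"
SSH_SERVER="192.168.0.3"

# Emit the ruleset in iptables-save format (lines starting with '#' are
# ignored by iptables-restore, so the comments can stay in the file).
isolated_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
# Reply packets of connections already accepted (this is what carries the
# private server's answers back towards the public client).
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections arriving on the public side that PREROUTING has already
# DNATed to the private SSH server (FORWARD sees the rewritten destination).
-A FORWARD -i ${PUB_IF} -o ${PRIV_IF} -p tcp -d ${SSH_SERVER} --dport 22 -m state --state NEW -j ACCEPT
# Anything the private network tries to open itself: log (rate limited) and drop.
-A FORWARD -i ${PRIV_IF} -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "PRIV-EGRESS-BLOCKED: "
-A FORWARD -i ${PRIV_IF} -m state --state NEW -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ${PUB_IF} -p tcp --dport 22 -j DNAT --to-destination ${SSH_SERVER}:22
COMMIT
EOF
}

# Check the invariants the isolation depends on:
#  1. the FORWARD policy is DROP,
#  2. the ESTABLISHED,RELATED accept comes before the private-side DROP
#     (otherwise the replies of forwarded SSH sessions would be dropped),
#  3. no rule accepts a NEW connection coming in on the private interface.
ruleset_ok() {
    rules=$(isolated_ruleset)
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    fwd=$(printf '%s\n' "$rules" | grep '^-A FORWARD')
    accept_line=$(printf '%s\n' "$fwd" | grep -n 'ESTABLISHED,RELATED -j ACCEPT' | cut -d: -f1)
    drop_line=$(printf '%s\n' "$fwd" | grep -n "^-A FORWARD -i ${PRIV_IF} .*-j DROP" | cut -d: -f1)
    [ -n "$accept_line" ] && [ -n "$drop_line" ] && [ "$accept_line" -lt "$drop_line" ] || return 1
    if printf '%s\n' "$fwd" | grep -q "^-A FORWARD -i ${PRIV_IF} .*NEW.*-j ACCEPT"; then
        return 1
    fi
    return 0
}

# Usage on the router (as root), once the check passes:
#   ruleset_ok && isolated_ruleset > /etc/sysconfig/iptables && service iptables restart
```

The DNAT rule from the post is unchanged; the only new requirement is that net.ipv4.ip_forward stays enabled, which it already must be for the existing forwarding to work. Because the private server's replies are accepted only as ESTABLISHED packets of a connection that the public client opened, a process on 192.168.0.3 that tries to reach out by itself produces a NEW packet on eth1, hits the LOG and DROP rules, and shows up in /var/log/messages with the PRIV-EGRESS-BLOCKED prefix.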