Hi all… Newbie here…
I have multiple Internet IP addresses and they are dst-nat'ed to multiple static IPs on my local network, for example:
Chain: dstnat
Dst addy: 72.14.207.90
Action: dst-nat
To addy: 172.16.1.10
To ports: 0-65535
and
Chain: srcnat
Src Addy: 172.16.1.10
Action: src-nat
To addy: 72.14.207.90
To ports: 0-65535
Is this the correct way to set up a 1:1?
Also I have similar entries for “72.14.207.91-95” dst and src nat’d to 172.16.1.11-15
Everything seems to work ok except when I try and firewall it.
I set up some filter rules:
Chain: forward
Dst addy: 172.16.1.12
Protocol: 6 (tcp)
Dst port: 25
Action: accept
I did the same for other ports like 110, 80, 22 and so forth… different ports for different servers. Then for the very last filter rule I set up a drop
to block the rest of the ports like so:
Chain: forward
Dst addy: 172.16.1.10-172.16.1.15
Action: drop
and it seems to block everything fine, except it is also blocking all outbound traffic from those servers at 172.16.1.10-15. For example, when this last filter rule is enabled I can't telnet to an IP address outside of my network.
I also tried dst/src-nat'ing only the ports I needed, but I still had the same problems connecting from these servers to anything outside my network.
Can someone point me in the right direction? Thanks for any help.
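For reference, here is the same 1:1 NAT plus forward-chain filter written out in RouterOS CLI syntax with connection-state matching added in front of the final drop. This is an added example, not the poster's configuration; it assumes the `/ip firewall` CLI form and the addresses from the post (72.14.207.90 → 172.16.1.10, SMTP on 172.16.1.12), and the second rule is what keeps reply packets of server-initiated connections from being caught by the range drop.

```routeros
# 1:1 NAT for one public/private pair (repeat per address)
/ip firewall nat
add chain=dstnat dst-address=72.14.207.90 action=dst-nat to-addresses=172.16.1.10
add chain=srcnat src-address=172.16.1.10 action=src-nat to-addresses=72.14.207.90

/ip firewall filter
# Let replies to connections the servers opened themselves through.
# Return packets are un-NATed before the forward chain, so their
# dst-address is already 172.16.1.x and would otherwise hit the drop below.
add chain=forward connection-state=established,related action=accept comment="replies"
# Discard packets conntrack cannot tie to any connection.
add chain=forward connection-state=invalid action=drop comment="invalid"
# Per-server inbound allows (one line per published service).
add chain=forward dst-address=172.16.1.12 protocol=tcp dst-port=25 action=accept comment="smtp"
# Block every other NEW inbound connection to the 1:1 range; outbound
# connections from the servers never match this rule (dst is outside).
add chain=forward dst-address=172.16.1.10-172.16.1.15 connection-state=new action=drop comment="catch-all"
```

Checking `/ip firewall connection print` while a server telnets out will show the outbound entry, and the packet counters on the "replies" rule will rise instead of those on "catch-all".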