IPTables Configuration

Contributed by KB1IMD

This little guide is not meant to replace already existing IPTables documents or the more general-purpose firewalling/IPTables how-tos.  It is merely submitted in the hope that other people using a Linux-based computer as an Internet gateway/firewall will have an easier time using EchoLink.

Several pages provided hints on how to get this working, particularly the Masq Apps page (http://www.tsmservices.com/masq/cfm/detail.cfm?AppID=147).

I use a variation of the advanced firewalling script provided in one of the IPTables how-tos and thus require a few more lines to allow certain types of packets back in.  However, this example should work for most basic NAT setups by simply replacing whatever script you use now with the following.  If you're already using a more advanced IPTables configuration, you should know what you are doing enough to not just cut and paste but to insert the relevant lines into your existing script.

###########################################################################################
# .........................-START-OF-USER CONFIGURATION SECTION-......................... #
# (Your paths may be different; use the `which` command to find out where your
# binaries are e.g. `which iptables`)
IPTABLES="/usr/sbin/iptables"
IFCONFIG="/sbin/ifconfig"
GREP="/usr/bin/grep"
AWK="/usr/bin/awk"
SED="/bin/sed"
# Network Interface Configuration, adjust these as necessary.  I have DSL; a cable modem
# will probably be different; likewise, the internal interface may be eth0 (You
# should be able to figure out what is what by simply typing `ifconfig | less`).
EXTIF="ppp0"    # External (Internet Side)
INTIF="eth1"    # Internal (Local Side)
# Determine the external IP automatically
EXTIP="`$IFCONFIG $EXTIF | $GREP 'inet addr' | $AWK '{print $2}' | $SED -e 's/.*://'`"
# Address of Computer Running EchoLink
ECHOIP="192.168.1.2"
# ^^^^^^^^^^^^^^^^^^^^^^^^^^-ALL USER CONFIGURATION ABOVE HERE-^^^^^^^^^^^^^^^^^^^^^^^^^^ #
###########################################################################################
# The following 2 lines enable port forwarding (DNAT) of the udp packets back to
# echolink.  Note that  you can only have one computer running echolink behind
# the firewall using this configuration.
$IPTABLES -t nat -A PREROUTING -d $EXTIP -p udp --dport 5198 -i $EXTIF -j DNAT --to-destination $ECHOIP
$IPTABLES -t nat -A PREROUTING -d $EXTIP -p udp --dport 5199 -i $EXTIF -j DNAT --to-destination $ECHOIP
# Enable SNAT so everyone can get out
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
# Enable IP Forwarding so all of this NAT stuff works
echo 1 > /proc/sys/net/ipv4/ip_forward
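
The script above adds only NAT rules. On a gateway whose FORWARD chain defaults to DROP, the DNAT'ed packets also need filter-table rules before they reach the EchoLink machine. The following is an added example, not part of KB1IMD's script: a hypothetical helper, `echolink_forward_rules`, that checks its inputs and prints such rules for review, using the interface names and address from the configuration section above.

```shell
#!/bin/sh
# Added example, not from the original guide. Prints rules for review only;
# pipe the output to `sh` as root to apply them.

# Succeeds if $1 is a dotted-quad IPv4 address in RFC 1918 private space.
is_private_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Usage: echolink_forward_rules EXTIF INTIF ECHOIP  (hypothetical helper)
echolink_forward_rules() {
    extif=$1 intif=$2 echoip=$3
    for ifname in "$extif" "$intif"; do
        case "$ifname" in
            ""|*[!A-Za-z0-9._-]*) echo "bad interface '$ifname'" >&2; return 1 ;;
        esac
    done
    if ! is_private_ipv4 "$echoip"; then
        echo "ECHOIP '$echoip' is not an RFC 1918 address" >&2
        return 1
    fi
    ipt=${IPTABLES:-/usr/sbin/iptables}
    # Default deny: nothing crosses the gateway unless a rule below allows it.
    echo "$ipt -P FORWARD DROP"
    # Replies to traffic the inside hosts started.
    echo "$ipt -A FORWARD -i $extif -o $intif -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Inside hosts may open new connections outward.
    echo "$ipt -A FORWARD -i $intif -o $extif -j ACCEPT"
    # Unsolicited inbound: only the two DNAT'ed UDP ports, only to ECHOIP.
    for port in 5198 5199; do
        echo "$ipt -A FORWARD -i $extif -o $intif -p udp -d $echoip --dport $port -j ACCEPT"
    done
}

# Values from the guide's configuration section.
echolink_forward_rules ppp0 eth1 192.168.1.2
```

Because DNAT happens in PREROUTING, the FORWARD rules match on the rewritten destination (`ECHOIP`), not on the external address.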

That's it!  Have fun using EchoLink!

73,

~Jason Gurtz,  KB1IMD

 

Copyright © 2002- EchoLink.org — EchoLink is a registered trademark of Synergenics, LLC