Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
mypage_892017-06-26 17:08:49
Squid
mypage_89, 2017-06-26 17:08:49

How to set up iptables on CentOS for torrent?

Hello. Help setting up port forwarding 40000 (torrenta) in iptables. Squid + Iptables is configured on a CentOS 7 machine. The iptables settings are:
enp2s0 -external network
enp3s1 -internal network
*nat
-A PREROUTING -i enp3s1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.1:3128
-A PREROUTING -i enp2s0 - p tcp -m tcp --dport 40000 -j DNAT --to-destination 192.168.10.10:40000
-A PREROUTING -i enp2s0 -p udp -m udp --dport 40000 -j DNAT --to-destination 192.168.10.10: 40000
-A POSTROUTING -s 192.168.10.0/24 -o enp2s0 -j ​​MASQUERADE
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp3s1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED - j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -m tcp! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -i enp3s1 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -m state -- state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i enp2s0 -o enp3s1 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o enp3s1 -j ACCEPT
-A OUTPUT -o enp2s0 -j ​​ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
K
krosh, 2017-06-26
@mypage_89 

iptables -I FORWARD -i enp2s0 -o enp3s1  -m state --state NEW -p tcp -m tcp --dport 40000 -d 192.168.10.10 -j ACCEPT

You allow the passage of packets with the state of an established connection, but incoming traffic is new, the gateway does not know anything about it, so it is blocked.
Rule 3 in FORWARD is too narrow, I would replace it with a more general one, without specifying interfaces. If there are no others and there are only two of them on the gateway: internal and external.

Similar questions
R
RoboSloNE2012-01-27 13:14:51
Redirecting all traffic to a remote proxy on Ubuntu Server 10.04? 2Reply
H
Hekatonkheir Viktorovich2018-03-26 18:29:03
How to force a proxy server to redirect requests to internal services to the internal network, and not to the external one? 2Reply
P
partisan422021-07-29 08:15:41
Why might hostalias not work in SARG? 0Reply
V
Vyacheslav Grachunov2015-12-24 12:44:40
How to restrict access to the Internet? 2Reply
P
Pavel K2016-01-04 15:22:59
How to tell apt-add-repository to ignore ssl check? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question