The script below does not work without iptables -P INPUT, OUTPUT, FORWARD ACCEPT. I must be missing a rule but can't find it. I'm new to iptables, so I'm hoping one of the geniuses here could help me out. ETH0 is the WAN and ETH1 is LAN.
//edit 2 forwarding is enabled in sysctl.conf.
#downen network interfaces
ifconfig eth0 down
ifconfig eth1 down
#droppen traffic
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -t nat -F
#verkeer naar buiten toe laten en nat aanzetten
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#RDP forward voor windows servers
iptables -t nat -A PREROUTING -p tcp --dport 3389 -i eth1 -j DNAT --to destination 192.168.2.10
iptables -t nat -A PREROUTING -p tcp --dport 3340 -i eth1 -j DNAT --to destination 192.168.2.12
#toestaan SSH verkeer
iptables -t nat -A PREROUTING -p tcp --dport 22 -i eth0 -j DNAT --to destination 192.168.2.1
iptables -t nat -A PREROUTING -p udp --dport 22 -i eth0 -j DNAT --to destination 192.168.2.1
#toestaan verkeer loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#toestaan lokaal netwerk
iptables -A OUTPUT -o eth1 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
#netwerk kaarten aanzetten
ifconfig eth0 XXXXXXXX
ifconfig eth1 192.168.2.1/24
route add default gw XXXXXXXXXX
ifconfig eth0 up
ifconfig eth1 up
You say that you need to set the policy to accept on all the tables. Does it also work when you set it to accept on just the FORWARD table?
Also, I'm assuming you are indeed testing only forwarding and not from the local machine? In case of the latter, you need to do this as well:
As a sidenote, I'd use the iptables comment option, so iptables -L also gives helpful output.
You must enable ip forwarding with
You can do this via sysctl too.