Tuesday, 20 August 2013

SQL Server 2005 Express behind linux gateway with iptables


We want to access an SQL Server instance running on 10.12.1.2:1433 through a Linux gateway machine.
The gateway, n205, has two interfaces: eth0 with IP 192.168.1.205 and eth1 with IP 10.12.1.1.
The gateway should not act as a firewall, so no accept rules are necessary.

Network Diagram:
[DB-Client] --> [192.168.1.205=eth0 "n205" eth1=10.12.1.1] --> [10.12.1.2:1433 "SQL Server"]
I believe this script is almost correct, but I still cannot connect to
192.168.1.205:1433 with a database client.
#!/bin/sh
echo "Stopping firewall and allowing everyone..."
# Flush and delete all user chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Open default policies: the gateway is not meant to filter anything
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Enable IPv4 forwarding globally and on both interfaces
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 > /proc/sys/net/ipv4/conf/eth1/forwarding
EPUB=eth0              # public-side interface
IPPUB=192.168.1.205    # published address
PPUB=1433              # published port
EREV=eth1              # server-side interface
IPREV=10.12.1.1        # gateway address on the server side
SRV=10.12.1.2          # SQL Server address
PSRV=1433              # SQL Server port
# Rewrite the destination of connections arriving on eth0 for 192.168.1.205:1433 to the SQL Server
iptables -t nat -I PREROUTING -p tcp -i $EPUB -d $IPPUB --dport $PPUB -j DNAT --to $SRV:$PSRV
# Rewrite the source of TCP traffic leaving eth1 to the gateway's own address so replies come back here
iptables -t nat -A POSTROUTING -p tcp -o $EREV -j MASQUERADE
The two rules look like this when echoed:
iptables -t nat -I PREROUTING -p tcp -i eth0 -d 192.168.1.205 --dport 1433 -j DNAT --to 10.12.1.2:1433
iptables -t nat -A POSTROUTING -p tcp -o eth1 -j MASQUERADE
The output of
iptables -L
iptables -t nat -L
cat /proc/sys/net/ipv4/conf/eth0/forwarding
cat /proc/sys/net/ipv4/conf/eth1/forwarding
cat /proc/sys/net/ipv4/ip_forward
after the iptables script was executed looks like this:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             n205.localdomain     tcp dpt:ms-sql-s to:10.12.1.2:1433

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE tcp  --  anywhere             anywhere
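The following is an added example, not the post's own script: it expresses the same port forward as shell functions so the rules can be printed before they are loaded, narrows the source-NAT rule to the forwarded flow, and adds the checks an administrator would run when a forwarded port does not answer. The addresses and interface names are those from the post; the IPT variable and the optional procfs-root argument of forwarding_enabled are assumptions made here so the functions can be exercised without touching a live gateway.

```shell
#!/bin/sh
# Added example for the gateway described in the post (not the original
# script). Values are taken from the post; IPT may be overridden for a
# dry run (IPT=echo prints each rule instead of loading it).

EPUB=${EPUB:-eth0}              # public-side interface
IPPUB=${IPPUB:-192.168.1.205}   # published address on $EPUB
PPUB=${PPUB:-1433}              # published port
EREV=${EREV:-eth1}              # server-side interface
IPREV=${IPREV:-10.12.1.1}       # gateway address on $EREV
SRV=${SRV:-10.12.1.2}           # SQL Server address
PSRV=${PSRV:-1433}              # SQL Server port
IPT=${IPT:-iptables}            # assumed override point for dry runs

# DNAT: rewrite only packets that arrive on $EPUB for $IPPUB:$PPUB.
dnat_rule() {
    printf '%s\n' "-t nat -A PREROUTING -i $EPUB -p tcp -d $IPPUB --dport $PPUB -j DNAT --to-destination $SRV:$PSRV"
}

# Source NAT narrowed to the forwarded flow. The post's
# "-o eth1 -j MASQUERADE" rewrites every TCP flow leaving eth1; SNAT to
# the fixed gateway address does the same job for this flow only.
snat_rule() {
    printf '%s\n' "-t nat -A POSTROUTING -o $EREV -p tcp -d $SRV --dport $PSRV -j SNAT --to-source $IPREV"
}

# Explicit FORWARD rules are not required with policy ACCEPT, but their
# packet counters show whether forwarded traffic is actually passing.
# In FORWARD the request already carries the DNAT'd destination and the
# reply still carries the server as source, so both rules match.
forward_rules() {
    printf '%s\n' "-A FORWARD -i $EPUB -o $EREV -p tcp -d $SRV --dport $PSRV -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    printf '%s\n' "-A FORWARD -i $EREV -o $EPUB -p tcp -s $SRV --sport $PSRV -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Load (or, with IPT=echo, print) every rule above, in order.
apply_rules() {
    { dnat_rule; snat_rule; forward_rules; } | while IFS= read -r rule; do
        # word splitting of $rule into separate arguments is intended
        $IPT $rule
    done
}

# Succeeds when IPv4 forwarding is on. The optional argument points at a
# different procfs root so the check can be run against a test directory.
forwarding_enabled() {
    root=${1:-/proc/sys/net/ipv4}
    [ "$(cat "$root/ip_forward" 2>/dev/null)" = 1 ]
}

# Read the counters when a client cannot connect: 0 packets on the DNAT
# rule means nothing for $IPPUB:$PPUB arrives on $EPUB; DNAT and the first
# FORWARD rule counting while the second FORWARD rule stays at 0 means the
# server never answers (not listening on TCP $PSRV, or no route back).
show_counters() {
    $IPT -t nat -L PREROUTING -n -v
    $IPT -L FORWARD -n -v
    $IPT -t nat -L POSTROUTING -n -v
}

# Usage on the gateway: sh forward.sh apply
if [ "${1:-}" = "apply" ]; then
    forwarding_enabled || echo 1 > /proc/sys/net/ipv4/ip_forward
    apply_rules
    show_counters
fi
```

Two points on the design. First, the source NAT is only there so that the server's replies come back through the gateway; if the SQL Server's default route already points at 10.12.1.1, the POSTROUTING rule can be dropped entirely, and the server then sees the real client addresses instead of 10.12.1.1 in its connection logs, which is what an auditor wants. Second, when the DNAT counter grows but nothing comes back, the place to look is the server: SQL Server Express installs with the TCP/IP protocol disabled and, as the named instance SQLEXPRESS, uses a dynamic port rather than 1433 until configured otherwise, so a connection to 10.12.1.2:1433 from the gateway itself is the quickest way to separate a NAT problem from a server-side one.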
