
Pivotal Studio's video: Linux Router - Setting up IPTABLES and NAT (2/3) - RHEL 7 / CentOS 7
In this video, I show you how to set up iptables/firewall/NAT on your DHCP server. This is the second video of having a CentOS 7 Linux box running as a DHCP server, gateway, and router of any given network. We touch on iptables and how to set it up with various commands.

FirewallD is a frontend to iptables. Keep in mind that we disable it in this tutorial.

    % systemctl disable firewalld
    % systemctl stop firewalld

This tutorial and others at: https://linuxguideandhints.com

Notes:
If you use Debian or anything Debian-based, I cannot help you. Do not ask for help on those distributions. There are other video resources available. Keep in mind, most of what I do here can be done on those distributions anyway. File locations may vary.

Prerequisites:
- You followed the first video
- DHCP is running correctly (make sure you have tested this)

You can follow along completely if you use these distributions:
- Fedora 20+
- CentOS 7

IPTables syntax:
- -A: Append
- FORWARD/INPUT/POSTROUTING/PREROUTING: Tables
- -i: input interface
- -o: output interface
- -p: protocol
- -m: match
- -j: command (ACCEPT/DENY/DROP)

Interface notes:
- ens192 is the modem
- ens224 is the network

Dropping pings:

    -A INPUT -i enp3s0 -p icmp -m icmp --icmp-type 8 -j DROP

Commands to note:
- vi -- It's an editor in Linux. i for insert, o for a new line, shift+g to go to the end of the file, ESC for command mode. :wq saves your file (zz does too).
- systemctl restart name -- restarts service
- iptables -t (table) -A -- The command to create iptables rules. (table) being nat or filter.

Files/Folders to note:
- /etc/sysconfig/iptables -- The file where iptables information is stored.

Example: https://www.bromosapien.net/media/index.php/Linux_Router_and_Firewall#iptables:_The_Linux_Firewall

Useful link: http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables

FAQ:

1. Can I forward more than one port to any IPs through iptables?
A. Yes you can, just make sure you use PREROUTING and FORWARD rules respectively.

2. In your other videos, you dropped pinging from the outside. Why didn't you do it this time?
A. To be honest, I forgot. It is recommended to turn off pings from the outside on the INPUT chain. Consider it.

    -A INPUT -i enp3s0 -p icmp -m icmp --icmp-type 8 -j DROP

3. How do I forward ports? Your last video explained, but this one doesn't explain it.
A. Create prerouting rules for your nat table and forward rules for your input. For example...

    -A PREROUTING -i enp2s0 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 10.100.1.145:80
    -A FORWARD -i enp2s0 -d 10.100.1.145 -p tcp -m tcp --dport 80 -j ACCEPT
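The pieces above put together, as an added example that is not from the video: `gen_rules` prints a full ruleset in the format `/etc/sysconfig/iptables` uses, and `unpaired_dnat` reports any port forward whose PREROUTING rule has no matching FORWARD rule (the pairing FAQ 1 and 3 ask for). The function names, the default-DROP policies, the MASQUERADE rule and the conntrack rules are assumptions of this example; the interfaces come from the interface notes and the forwarded port and host from FAQ 3.

```shell
#!/bin/sh
# Added example, not from the video. WAN/LAN follow the page's interface notes;
# the forwarded port and host are the ones from FAQ 3.
WAN=ens192   # modem side
LAN=ens224   # internal network

# gen_rules: print a complete ruleset in the format /etc/sysconfig/iptables uses.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN -p tcp -m tcp --dport 8081 -j DNAT --to-destination 10.100.1.145:80
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $WAN -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -i $LAN -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -j ACCEPT
-A FORWARD -i $WAN -d 10.100.1.145 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# unpaired_dnat: read a ruleset on stdin and print every DNAT destination
# (ip:port) that has no FORWARD ACCEPT rule for the same ip and port.
unpaired_dnat() {
    awk '
    function opt(name,   i) { for (i = 1; i < NF; i++) if ($i == name) return $(i+1); return "" }
    $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" { want[opt("--to-destination")] = 1 }
    $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
        d = opt("-d"); sub(/\/32$/, "", d)      # iptables-save writes hosts as ip/32
        if (d != "") have[d ":" opt("--dport")] = 1
    }
    END { for (k in want) if (!(k in have)) print k }
    '
}
```

On the router, `gen_rules | iptables-restore --test` parses the ruleset without committing it, and `unpaired_dnat < /etc/sysconfig/iptables` runs the same check against the file the page edits.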

This video was published on 2014-07-20 08:06:25 GMT by @Pivotal-Studio on YouTube.
