Saturday, March 21, 2009

Valknut Manual

Valknut Manual: "The following assumptions are made:

* your default INPUT and FORWARD policy is DENY, your default OUTPUT policy is ACCEPT
* $IPTABLES is the iptables command
* $PUBLICIP is your public IP address
* $PRIVATEIP is the internal IP of your firewall
* $EXTIF is your external network device, e.g. ppp0, eth1
* $INTIF is your internal network device, e.g. eth0
* $MYPC is the private IP address of the computer running Valknut behind a NAT

Machine running Valknut has a public IP address, e.g. a dialup modem connection.

$IPTABLES -A INPUT -i $EXTIF -d $PUBLICIP -p tcp --dport 9176 -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -d $PUBLICIP -p udp --dport 9176 -j ACCEPT


Machine running Valknut is behind a NATing Linux firewall.

$IPTABLES -t nat -A PREROUTING -d $PUBLICIP -p tcp --dport 9176 -j DNAT --to $MYPC
$IPTABLES -t nat -A PREROUTING -d $PUBLICIP -p udp --dport 9176 -j DNAT --to $MYPC
$IPTABLES -A FORWARD -o $INTIF -d $MYPC -p tcp --dport 9176 -j ACCEPT
$IPTABLES -A FORWARD -o $INTIF -d $MYPC -p udp --dport 9176 -j ACCEPT


If you have other machines on your LAN wanting to connect to the NATed machine running Valknut, you need some trickery so the replies come back via the firewall. Add this line after the four above:

$IPTABLES -t nat -A POSTROUTING -d $MYPC -s 192.168.1.0/24 -p tcp --dport 9176 -j SNAT --to $PRIVATEIP"
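The manual gives the rules as bare commands to paste in. The script below is an added example (it is not from the Valknut manual or the Valknut project) that builds the same two rule sets from the manual's variables, checks that the addresses and port are well-formed, and prints the commands as a dry run so they can be reviewed before touching a live firewall. The function names, the parameterised LAN network (the manual hard-codes 192.168.1.0/24) and all sample values at the bottom are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the Valknut manual: generate the iptables rules
# for the two Valknut scenarios as a dry run.  Nothing is applied; the output
# is meant to be read, then run deliberately.  Sample values are constructed.
set -eu

IPTABLES=${IPTABLES:-iptables}

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if $1 is a TCP/UDP port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then
        return 0
    fi
    return 1
}

# Scenario 1: the Valknut host owns the public IP (e.g. a dialup connection).
# Usage: rules_public PUBLICIP EXTIF PORT
# Prints one INPUT rule per protocol; the manual's port is 9176.
rules_public() {
    valid_ipv4 "$1" && valid_port "$3" || return 1
    for proto in tcp udp; do
        echo "$IPTABLES -A INPUT -i $2 -d $1 -p $proto --dport $3 -j ACCEPT"
    done
}

# Scenario 2: the Valknut host sits behind a NATing Linux firewall.
# Usage: rules_nat PUBLICIP MYPC INTIF PORT [LANNET PRIVATEIP]
# Prints the DNAT and FORWARD rules; with LANNET and PRIVATEIP it also prints
# the hairpin SNAT rule (TCP only, as in the manual) so LAN clients that
# connect via the public IP get their replies back through the firewall.
rules_nat() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_port "$4" || return 1
    for proto in tcp udp; do
        echo "$IPTABLES -t nat -A PREROUTING -d $1 -p $proto --dport $4 -j DNAT --to $2"
        echo "$IPTABLES -A FORWARD -o $3 -d $2 -p $proto --dport $4 -j ACCEPT"
    done
    if [ $# -ge 6 ]; then
        valid_ipv4 "$6" || return 1
        echo "$IPTABLES -t nat -A POSTROUTING -d $2 -s $5 -p tcp --dport $4 -j SNAT --to $6"
    fi
}

# Dry run with constructed sample values (public IP from the documentation
# range 203.0.113.0/24, RFC 1918 addresses on the LAN).
rules_public 203.0.113.5 ppp0 9176
rules_nat 203.0.113.5 192.168.1.20 eth0 9176 192.168.1.0/24 192.168.1.1
```

Run the script, read the printed commands, and only then feed them to a root shell; because the functions refuse malformed addresses and ports, a typo in a variable produces no rule rather than a rule that silently opens the wrong thing.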
