ipmasq seems to have solved my NAT and firewall issues. I have a small network which just got upgraded to DSL. The firewall ruleset (shown by iptables -L and iptables -t nat -L) seems to have been installed with the ipmasq package. See output below.

Is this ruleset sufficient? Any improvements to be made for a generic non-industrial firewall?

Many thanks,
Joe.
Please cc me as I am not on the list.

ssp2:/home/mrg# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- 127.0.0.0/8 anywhere LOG level warning
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- localnet/24 anywhere
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- localnet/24 anywhere LOG level warning
DROP all -- localnet/24 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 10.0.0.3
ACCEPT all -- anywhere 10.255.255.255
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere


Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- localnet/24 anywhere
ACCEPT all -- anywhere localnet/24
LOG all -- anywhere localnet/24 LOG level warning
DROP all -- anywhere localnet/24
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere


Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere localnet/24
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- anywhere localnet/24 LOG level warning
DROP all -- anywhere localnet/24
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- 10.0.0.3 anywhere
ACCEPT all -- 10.255.255.255 anywhere
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere


ssp2:/home/mrg# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  localnet/24          anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

ssp2:/home/mrg# uname -a
Linux ssp2 2.4.13-586-ext3 #1 Die Nov 6 00:09:32 CET 2001 i686 unknown

ssp2:/home/mrg# lsmod
Module Size Used by Tainted: P
usb-uhci 20804 0 (unused)
usbcore 48160 0 [usb-uhci]
ide-scsi 7552 0
lp 5152 0 (autoclean)
ipt_MASQUERADE 1216 1 (autoclean)
ipt_LOG 3168 7 (autoclean)
iptable_mangle 1728 0 (autoclean) (unused)
iptable_filter 1728 0 (autoclean) (unused)
iptable_nat 12788 0 [ipt_MASQUERADE]
ip_conntrack 12940 1 [ipt_MASQUERADE iptable_nat]
ip_tables 10432 7 [ipt_MASQUERADE ipt_LOG iptable_mangle iptable_filter iptable_nat]
sg 26788 0 (unused)
parport_pc 23400 1 (autoclean)
ppscsi 11264 0
parport 23360 1 [lp parport_pc ppscsi]
scsi_mod 84536 2 [ide-scsi sg ppscsi]
3c59x 24584 2
nfs 68988 2
lockd 46816 1 [nfs]
sunrpc 58356 1 [nfs lockd]
linear 1344 0 (unused)
md 43360 0 [linear]
ide-floppy 11136 0
rtc 5432 0 (autoclean)
unix 13700 16 (autoclean)
ide-disk 6624 2 (autoclean)
ide-probe-mod 8112 0 (autoclean)
ide-mod 131244 2 (autoclean) [ide-scsi ide-floppy ide-disk ide-probe-mod]
Joe Golden The Stevens School of Peacham thestevensschoolofpeacham.com
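Added example (not part of the posted message): a small Python checker run over the INPUT chain exactly as it appears in the listing above. It flags the two things a bare `iptables -L` cannot show, namely whether a blanket `ACCEPT all -- anywhere anywhere` rule is restricted to an interface (the in/out interface columns only appear with `-L -v -n`), and whether any rule carries a connection-tracking `state` match. It assumes only the default `iptables -L` column layout; the parser and the audit logic are mine.

```python
import re
# INPUT chain copied from the posted `iptables -L` output (filter table).
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- 127.0.0.0/8 anywhere LOG level warning
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- localnet/24 anywhere
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
LOG all -- localnet/24 anywhere LOG level warning
DROP all -- localnet/24 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 10.0.0.3
ACCEPT all -- anywhere 10.255.255.255
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
"""

def parse_listing(text):
    """Return {chain: (policy, [rule dicts])} from plain `iptables -L` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if m:
            current = m.group(1)
            chains[current] = (m.group(2), [])
            continue
        parts = line.split()
        if current is None or len(parts) < 5 or parts[0] == "target":
            continue  # blank line or the column header
        target, prot, _opt, src, dst = parts[:5]
        chains[current][1].append({"target": target, "prot": prot, "src": src,
                                   "dst": dst, "extra": " ".join(parts[5:])})
    return chains

def audit(text):
    """Report interface-less blanket ACCEPTs and count rules using a state match."""
    findings = {"blanket_accept": [], "stateful_rules": 0}
    for chain, (_policy, rules) in parse_listing(text).items():
        for i, r in enumerate(rules, 1):
            if r["extra"].startswith("state"):
                findings["stateful_rules"] += 1
            if (r["target"] == "ACCEPT" and r["prot"] == "all"
                    and r["src"] == r["dst"] == "anywhere" and not r["extra"]):
                # Without -v the interface is hidden: this could be a harmless
                # '-i lo' rule or accept-everything. Confirm with `iptables -L -v -n`.
                findings["blanket_accept"].append((chain, i))
    return findings
```

For the posted chain the audit returns rule 1 of INPUT as a blanket ACCEPT to verify and zero stateful rules, so the conntrack module loaded for MASQUERADE is not being used by the filter table as listed.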