Hello,

Since 1999 I was using SLINK with Linux 2.0.38 and ipfwadm on my router. I am now switching to WOODY with Linux 2.4.(22|23) and iptables because of my Thomson SpeedTouch 330 USB ADSL modem.

I have the following interfaces:

    ppp0  ADSL wanadoo.fr
    eth0  192.168.1.0/26     publicnet   web server, access server, DNS, ...
    eth1  192.168.1.64/25    privatenet  my WS's, SQL server, file server
    eth2  192.168.1.96/26    securenet   the office of my old employer... :-)
    eth3  192.168.1./112/27  cybernet    my CyberCenter
    eth4  192.168.1.128/25   wavenet     my Lucent ORINOCO COR 1100

OK, I have installed the Debian base, compiled a new kernel for the router with all netfilter modules I have found in the sources, installed my SpeedTouch backport from SID, configured it, and it works. Now an 'adsl:~ > iptables -vL' gives:

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain INPUT (policy ACCEPT packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

OK, next step: I have masqueraded my subnets with:

    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

Great, all five subnets can access the Internet...

Now I would like to do the following: DENY anything in all directions on the router (!!!) and ACCEPT only:

    ppp0 --> eth0 eth3 eth4
    eth* --> ppp0
    eth0 --> eth4
    eth1 --> eth0 eth2 eth3 eth4
    eth2 --> eth0 eth3 eth4
    eth3 --> eth0 eth4
    eth4 --> eth0 eth3

With Linux 2.0.38 and ipfwadm it was easy, but iptables???

I was thinking it works like this:

    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -A FORWARD -o ppp0 -j ACCEPT
    iptables -A FORWARD -i eth0 -o eth4 -j ACCEPT
    iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
    iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT
    iptables -A FORWARD -i eth1 -o eth4 -j ACCEPT
    iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth2 -o eth3 -j ACCEPT
    iptables -A FORWARD -i eth2 -o eth4 -j ACCEPT
    iptables -A FORWARD -i eth3 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth3 -o eth4 -j ACCEPT
    iptables -A FORWARD -i eth4 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth4 -o eth3 -j ACCEPT
    iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
    iptables -A FORWARD -i ppp0 -o eth3 -j ACCEPT
    iptables -A FORWARD -i ppp0 -o eth4 -j ACCEPT

And I must note that eth3 has its own firewall, because I have a web/NFS server and the workstations in that subnet...

Hmmm, it does not work...

The next step is that I have a virtual web server at 192.168.1.14/26 which must be accessible, and then the file server with its courier-imap and the webmail on 192.168.1.68/27. How can I do it?

For the moment I have cleared all rules, and now I can access the Internet again...

I was on <http://netfilter.org/> but I do not understand it very well... Is there an iptables guru who can help?

Greetings
Michelle

--
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org.
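The forwarding policy described in the post, written out as an added example (not code from the original message): one data-driven script that emits the per-direction FORWARD rules, adds the ESTABLISHED,RELATED rule that the posted rule set lacks (with a DROP policy, replies to a forwarded connection are otherwise dropped), and publishes the virtual web server with DNAT. Interface names and the 192.168.1.14 address are taken from the post; port 80 and the APPLY/dry-run switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): the forwarding policy from the
# message as one data-driven script. Assumptions: interface names and subnets
# as listed in the post, port 80 for the virtual web server at 192.168.1.14.
# Commands are only printed unless APPLY=1 is set, so the rule set can be
# reviewed before it touches the router.
ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

# Allowed directions, one line each: "<in-interface>:<out-interfaces>".
# ppp0 -> eth0 eth3 eth4, every eth -> ppp0, plus the LAN-to-LAN paths.
POLICY='ppp0:eth0 eth3 eth4
eth0:eth4 ppp0
eth1:eth0 eth2 eth3 eth4 ppp0
eth2:eth0 eth3 eth4 ppp0
eth3:eth0 eth4 ppp0
eth4:eth0 eth3 ppp0'

build_rules() {
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    # The router itself: loopback and replies to its own connections.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Replies to forwarded connections. Without this rule the per-direction
    # ACCEPTs below let only the first packet of each session through.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    echo "$POLICY" | while IFS=: read -r iif oifs; do
        for oif in $oifs; do
            ipt -A FORWARD -i "$iif" -o "$oif" -m state --state NEW -j ACCEPT
        done
    done
    # Masquerade everything leaving over the ADSL link.
    ipt -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    # Publish the virtual web server on eth0 (port 80 is an assumption).
    ipt -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 \
        -j DNAT --to-destination 192.168.1.14
    ipt -A FORWARD -i ppp0 -o eth0 -p tcp -d 192.168.1.14 --dport 80 \
        -m state --state NEW -j ACCEPT
    if [ "${APPLY:-0}" = 1 ]; then echo 1 > /proc/sys/net/ipv4/ip_forward; fi
}

build_rules
```

Run it once without APPLY to read the generated commands, then with APPLY=1 as root to load them; the order matters, since the ESTABLISHED,RELATED rule must precede the per-direction rules.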

