I have a router connected to the internet 24/7 and am setting up a router/firewall for a department of mathematics:

(maths cloud) --- [router/firewall] --- internet

The routing works, DNS works, but the firewall does not. If I run the configuration script (included), the SSH session to the router stops responding after about a minute (until a cron job resets the firewall to an open one). I have been trying with no success for a while now. Any ideas about what I have done wrong?

Vladimir

PS: the configuration script (the IP network string for allowing SSH to the router is changed to <allowed-network>):

#! /bin/sh
# maths router: netfilter setup

# flush the rules
iptables -F

# drop all input packets by default
iptables -P INPUT DROP
# drop all forward packets by default
iptables -P FORWARD DROP

# loopback:
iptables -A INPUT -i lo -j ACCEPT

# eth0 (the maths side)
# to be changed
iptables -A INPUT -i eth0 -j ACCEPT

# eth1 (the internet side):
iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

# router daemons
iptables -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 346 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 2600 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 2601 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 2604 -j ACCEPT

# ssh (all interfaces)
iptables -A INPUT -s <allowed-network>/16 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -s <allowed-network>/16 -p udp -m state --state NEW -m udp --dport 22 -j ACCEPT

# forward (routing)
# accept what was already accepted
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# ssh
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A FORWARD -p udp -m state --state NEW -m udp --dport 22 -j ACCEPT

# http
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p udp -m state --state NEW -m udp --dport 80 -j ACCEPT

# https
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -m state --state NEW -m udp --dport 443 -j ACCEPT

# smtp
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

# smtp over ssl
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT

# jet direct
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 9100 -j ACCEPT
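As an added example that is not part of the original post: a small Python audit of a ruleset like the one above. It reports which ACCEPT rules let NEW connections in from any source on the internet-side interface (assumed to be eth1, as in the post) and which UDP rules merely mirror a TCP rule for the same port; a subset of the poster's rules is embedded as constructed input.

```python
# Constructed input: a subset of the poster's rules (comments and the -F
# line dropped, <allowed-network> kept as their placeholder).
SCRIPT = """
iptables -P INPUT DROP
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 2601 -j ACCEPT
iptables -A INPUT -s <allowed-network>/16 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -s <allowed-network>/16 -p udp -m state --state NEW -m udp --dport 22 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p udp -m state --state NEW -m udp --dport 80 -j ACCEPT
"""

FLAGS = {"-A": "chain", "-i": "iface", "-p": "proto", "-s": "src", "-j": "target"}

def parse_rule(line):
    """Reduce one iptables command to the matches and target it carries."""
    toks = line.split()
    rule = {"chain": None, "iface": "any", "proto": "any", "src": "any",
            "dport": None, "states": set(), "target": None}
    i = 1                                   # skip the 'iptables' word
    while i + 1 < len(toks):
        flag, arg = toks[i], toks[i + 1]
        if flag == "-P":                    # chain policy, e.g. INPUT DROP
            rule["chain"], rule["target"] = arg, "POLICY " + toks[i + 2]
            i += 1
        elif flag in FLAGS:
            rule[FLAGS[flag]] = arg
        elif flag == "--dport":
            rule["dport"] = int(arg)
        elif flag == "--state":
            rule["states"] = set(arg.split(","))
        i += 2                              # '-m state' / '-m tcp' are skipped here
    return rule

def audit(script, internet_iface="eth1"):
    """Return (exposed, findings) for the ACCEPT rules in script."""
    accepts = [r for r in map(parse_rule, script.strip().splitlines())
               if r["target"] == "ACCEPT"]
    # NEW (or stateless) accepts reachable from any source on the internet side
    exposed = [(r["chain"], r["proto"], r["dport"]) for r in accepts
               if r["iface"] in (internet_iface, "any") and r["src"] == "any"
               and ("NEW" in r["states"] or not r["states"])]
    tcp_keys = {(r["chain"], r["iface"], r["src"], r["dport"])
                for r in accepts if r["proto"] == "tcp"}
    findings = ["%s: udp/%d mirrors tcp/%d; check the service really uses UDP"
                % (r["chain"], r["dport"], r["dport"]) for r in accepts
                if r["proto"] == "udp"
                and (r["chain"], r["iface"], r["src"], r["dport"]) in tcp_keys]
    return exposed, findings
```

Run against the full script it lists every router daemon port opened to the internet side without a source restriction, which is the first thing to review before trusting the INPUT chain.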

