Dear friends,

I am building a firewall with Debian Sarge on my internet gateway. But it
looks like my Debian does not read my iptables script after I run my own
iptables script.

This is the result of the firewall on my Debian box. '192.168.23.0' is the
subnet of my internal LAN. eth2 faces my internal LAN, with IP '192.168.23.2',
and eth5 faces my ISP, with IP '202.155.0.1':
==
nmap 192.168.23.2

Starting Nmap 4.20 ( http://insecure.org ) at 2009-01-28 15:12 WIT
Interesting ports on 192.168.23.2:
Not shown: 1692 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
111/tcp open  rpcbind
113/tcp open  auth
515/tcp open  printer

Nmap finished: 1 IP address (1 host up) scanned in 13.029 seconds
==
nmap 202.155.0.1

Starting Nmap 4.20 ( http://insecure.org ) at 2009-01-28 15:12 WIT
Interesting ports on 202.155.0.1:
Not shown: 1693 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
113/tcp open  auth
515/tcp open  printer

Nmap finished: 1 IP address (1 host up) scanned in 14.010 seconds
==
I haven't opened rpcbind, auth, or printer. And 21, 23, 53 are not opened by my
iptables. Where is the mistake? Please tell me. I am new to Debian and
iptables. Usually I use OpenSuSE and SuSEfirewall2 and I configure the firewall
with YaST2 very easily. But now I want to get close to Debian too. And I am
stuck on this case.
==
Here is my script:
==
#!/bin/bash
#Zero...zero...from beginning
# -F flushes the rules in the filter table only; chain policies and the nat
# table are left as they are
iptables -F

route add default gateway 202.155.0.1

#Log....them
# -I inserts at the top of the chain, so every rule added below this point
# ends up in front of these LOG rules
iptables -I INPUT -j LOG
iptables -I OUTPUT -j LOG
iptables -I FORWARD -j LOG

#Open needed ports
iptables -I INPUT -i eth2 -s 192.168.23.0/24 -p icmp --icmp-type echo-request -j ACCEPT
iptables -I INPUT -i eth5 -s 0/0 -p icmp --icmp-type echo-request -j ACCEPT
iptables -I OUTPUT -o eth2 -d 192.168.23.0/24 -p icmp --icmp-type echo-reply -j ACCEPT
iptables -I OUTPUT -o eth5 -d 0/0 -p icmp --icmp-type echo-reply -j ACCEPT

iptables -I INPUT -i eth2 -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -i eth2 -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -i eth2 -p tcp --dport 23 -j ACCEPT
iptables -I INPUT -i eth2 -p udp --dport 53 -j ACCEPT

iptables -I INPUT -i eth5 -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -i eth5 -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -i eth5 -p tcp --dport 23 -j ACCEPT
iptables -I INPUT -i eth5 -p udp --dport 53 -j ACCEPT

iptables -I OUTPUT -o eth2 -p tcp --dport 21 -j ACCEPT
iptables -I OUTPUT -o eth2 -p tcp --dport 22 -j ACCEPT
iptables -I OUTPUT -o eth2 -p tcp --dport 23 -j ACCEPT
iptables -I OUTPUT -o eth2 -p udp --dport 53 -j ACCEPT

iptables -I OUTPUT -o eth5 -p tcp --dport 21 -j ACCEPT
iptables -I OUTPUT -o eth5 -p tcp --dport 22 -j ACCEPT
iptables -I OUTPUT -o eth5 -p tcp --dport 23 -j ACCEPT
iptables -I OUTPUT -o eth5 -p udp --dport 53 -j ACCEPT

# LAN -> ISP forwarding
iptables -I FORWARD -p tcp -i eth2 -s 192.168.23.0/24 -o eth5 -d 0/0 --dport 21 -j ACCEPT
iptables -I FORWARD -p tcp -i eth2 -s 192.168.23.0/24 -o eth5 -d 0/0 --dport 22 -j ACCEPT
iptables -I FORWARD -p tcp -i eth2 -s 192.168.23.0/24 -o eth5 -d 0/0 --dport 23 -j ACCEPT
iptables -I FORWARD -p tcp -i eth2 -s 192.168.23.0/24 -o eth5 -d 0/0 --dport 53 -j ACCEPT

# ISP -> LAN forwarding
iptables -I FORWARD -p tcp -i eth5 -s 0/0 -o eth2 -d 192.168.23.0/24 --dport 21 -j ACCEPT
iptables -I FORWARD -p tcp -i eth5 -s 0/0 -o eth2 -d 192.168.23.0/24 --dport 22 -j ACCEPT
iptables -I FORWARD -p tcp -i eth5 -s 0/0 -o eth2 -d 192.168.23.0/24 --dport 23 -j ACCEPT
iptables -I FORWARD -p tcp -i eth5 -s 0/0 -o eth2 -d 192.168.23.0/24 --dport 53 -j ACCEPT

# Source NAT on the way out of each interface
iptables -t nat -I POSTROUTING -p icmp -o eth5 -d 0/0 -j SNAT --to-source 202.155.0.1
iptables -t nat -I POSTROUTING -p icmp -o eth2 -d 192.168.23.0/24 -j SNAT --to-source 192.168.23.2

iptables -t nat -I POSTROUTING -p tcp -o eth5 -d 0/0 -j SNAT --to-source 202.155.0.1
iptables -t nat -I POSTROUTING -p tcp -o eth2 -d 192.168.23.0/24 -j SNAT --to-source 192.168.23.2

# Telnet to the gateway is redirected to 192.168.23.20
iptables -t nat -I PREROUTING -p tcp -i eth5 -s 0/0 -d 202.155.0.1 --dport 23 -j DNAT --to-destination 192.168.23.20:23
iptables -t nat -I PREROUTING -p tcp -i eth2 -s 192.168.23.0/24 -d 192.168.23.2 --dport 23 -j DNAT --to-destination 192.168.23.20:23
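The script above never sets a chain policy. The built-in INPUT, OUTPUT and FORWARD chains default to ACCEPT, and `iptables -F` removes rules but leaves the policy untouched, so every packet that matches none of the ACCEPT rules is still accepted: that is why nmap reports rpcbind, auth and printer as open on both interfaces (those daemons are listening and nothing drops the traffic). A second effect of using `-I` for every rule is that the three LOG rules, inserted first, get pushed to the bottom of each chain. The following is an added example, not the poster's script and not something from the debian-user list, showing the same gateway policy rebuilt as default-deny: policies set to DROP first, stateful shortcuts for established traffic, the same ports from the post opened explicitly, and LOG placed last so only packets about to be dropped are logged. Interface names, addresses, ports and the 192.168.23.20 DNAT target are those from the post; the exact rule set and the `fw_rules`/`fw_apply`/`fw_count` helper names are my assumptions about what was intended. Run it with no argument to print the rules for review, or with `apply` as root to load them.

```shell
#!/bin/sh
# Added example (not the poster's script): the same gateway policy rebuilt as
# default-deny. Interfaces, addresses and ports are those from the post; the
# exact rule set is an assumption about what the poster intended.
LAN_IF=eth2
WAN_IF=eth5
LAN_NET=192.168.23.0/24
WAN_IP=202.155.0.1
TELNET_HOST=192.168.23.20   # DNAT target from the original script
TCP_PORTS="21 22 23"
UDP_PORTS="53"

# Print the rule set, one iptables command per line, without touching the
# kernel. Order matters: policies first, then stateful shortcuts, then the
# per-port holes, and LOG last so only packets about to be dropped are logged.
fw_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
EOF
    # Same ports as the original, on both interfaces, plus LAN->WAN forwarding.
    # Replies are covered by the ESTABLISHED,RELATED rules above.
    for p in $TCP_PORTS; do
        echo "iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $p -j ACCEPT"
        echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $p -j ACCEPT"
        echo "iptables -A OUTPUT -p tcp --dport $p -j ACCEPT"
        echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -o $WAN_IF -p tcp --dport $p -j ACCEPT"
    done
    for p in $UDP_PORTS; do
        echo "iptables -A INPUT -i $LAN_IF -s $LAN_NET -p udp --dport $p -j ACCEPT"
        echo "iptables -A INPUT -i $WAN_IF -p udp --dport $p -j ACCEPT"
        echo "iptables -A OUTPUT -p udp --dport $p -j ACCEPT"
        echo "iptables -A FORWARD -i $LAN_IF -s $LAN_NET -o $WAN_IF -p udp --dport $p -j ACCEPT"
    done
    # Telnet published on the WAN address is DNATed to the internal host (as in
    # the original); a DNATed packet then passes FORWARD, so allow exactly that.
    cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport 23 -j DNAT --to-destination $TELNET_HOST:23
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $TELNET_HOST -p tcp --dport 23 -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP
iptables -A INPUT -j LOG --log-prefix "fw-drop-in: "
iptables -A FORWARD -j LOG --log-prefix "fw-drop-fwd: "
iptables -A OUTPUT -j LOG --log-prefix "fw-drop-out: "
EOF
}

# Number of emitted rules matching a pattern; handy when reviewing the set.
fw_count() {
    fw_rules | grep -c -e "$1"
}

# Apply the rule set and enable routing between the two interfaces.
fw_apply() {
    [ "$(id -u)" -eq 0 ] || { echo "fw_apply: run as root" >&2; return 1; }
    fw_rules | sh -e
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

case "${1-}" in
    apply) fw_apply ;;
    *)     fw_rules ;;   # default: dry run, just print the rules
esac
```

Because the chains now default to DROP, a port that no daemon should expose shows up as filtered rather than open in the same nmap run, and anything that is dropped appears in the kernel log with the `fw-drop-*` prefix, which is the quickest way to see which rule is missing when a legitimate connection fails.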

