I have a basic proxy/firewall script:

I got this from aboutdebian.com

#!/bin/sh

#  IPCHAINS  FIREWALL  script for the Linux 2.2 kernel.
#  This script is a derivative of the script presented in
#  the IP Masquerade HOWTO page at:
#  www.tldp.org/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html
#  It was simplified to coincide with the configuration of
#  the sample system presented in the Guides section of
#  www.aboutdebian.com
#
#    PLEASE SET THE USER VARIABLES
#    IN SECTIONS A AND B OR C

echo -e "\n\nSETTING UP IPCHAINS FIREWALL..."


# === SECTION A
# ----------- FOR EVERYONE



# SET THE _NETWORK_ ADDRESS OF YOUR INTERNAL NETWORK
# The default value below is for a 192.168.0.0 network.
# Note that the "/24" is a network mask of 255.255.255.0
# (meaning 24 bits - three octets - set to 1s). Similarly,
# a network mask of 255.255.0.0 would be "/16".
# Note that this is a NETWORK address - not the
# IP address of a specific device on the network.
# Enter the internal network's (or subnet's) network
# address for the INTLAN variable:

INTLAN="192.168.0.0/24"


# SET THE INTERFACE DESIGNATION FOR THE NIC CONNECTED TO YOUR INTERNAL NETWORK
# The default value below is for "eth0". This value
# could also be "eth1" if you have TWO NICs in your system.
# You can use the ifconfig command to list the interfaces
# on your system. The internal interface will likely
# have an address that is in one of the private IP address
# ranges.
# Note that this is an interface DESIGNATION - not
# the IP address of the interface.
# Enter the internal interface's designation for the
# INTIF variable:


INTIF="eth0"


# SET THE INTERFACE DESIGNATION FOR YOUR "EXTERNAL" (INTERNET) CONNECTION
# The default value below is "ppp0" which is appropriate
# for a MODEM connection.
# If you have two NICs in your system change this value
# to "eth0" or "eth1" (whichever is opposite of the value
# set for INTIF above).
# Note that this is an interface DESIGNATION - not
# the IP address of the interface.
# Enter the external interface's designation for the
# EXTIF variable:


EXTIF="ppp0"



# ! ! ! ! !  Use ONLY Section B  *OR*  Section C depending on
#  ! ! ! !   the type of Internet connection you have.



# === SECTION B
# -----------   FOR THOSE WITH STATIC PUBLIC IP ADDRESSES


# SET YOUR EXTERNAL IP ADDRESS
# If you specified a NIC (i.e. "eth0" or "eth1") for
# the external interface (EXTIF) variable above,
# AND if that external NIC is configured with a
# static, public IP address (assigned by your ISP),
# UNCOMMENT the following EXTIP line and enter the
# IP address for the EXTIP variable:

# EXTIP="your.static.IP.address"



# === SECTION C
# ----------   DIAL-UP MODEM, AND RESIDENTIAL CABLE-MODEM/DSL (Dynamic IP) USERS


# SET YOUR EXTERNAL INTERFACE FOR DYNAMIC IP ADDRESSING
# If you get your IP address dynamically from SLIP, PPP,
# BOOTP, or DHCP, UNCOMMENT the FOUR commands below.
# (No values have to be entered.)
# Note that if you are uncommenting these lines then
# the EXTIP line in Section B must be commented out.

# echo "    Enabling Dynamic IP Addressing..."
# echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# /sbin/ipchains -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp
# EXTIP="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"



# --------  No more user variables beyond this point  ------------------



echo "    Loading required IPMASQ kernel modules..."

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio

echo "    Enabling IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "    Enabling IP Defragmentation..."
echo "1" > /proc/sys/net/ipv4/ip_always_defrag

# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)


echo "    Setting default timers..."
/sbin/ipchains -M -S 7200 10 160

echo "    Internal interface: $INTIF"
echo "       Internal network IP address is: $INTLAN"
echo "    External interface: $EXTIF"
echo "       External interface IP address is: $EXTIP"


echo " Setting up firewall rules..."

#   INPUT RULES
#############################################################################
# Incoming, flush and set default policy of reject.
#
ipchains -F input
ipchains -P input REJECT
ipchains -A input -i $INTIF -s $INTLAN -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i $EXTIF -s $INTLAN -d 0.0.0.0/0 -l -j REJECT
ipchains -A input -i $EXTIF -s 0.0.0.0/0 -d $EXTIP/32 -j ACCEPT
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT


#   OUTPUT RULES
#############################################################################
# Outgoing, flush and set default policy of reject.
#
ipchains -F output
ipchains -P output REJECT
ipchains -A output -i $INTIF -s 0.0.0.0/0 -d $INTLAN -j ACCEPT
ipchains -A output -i $EXTIF -s 0.0.0.0/0 -d $INTLAN -l -j REJECT
ipchains -A output -i $EXTIF -s $INTLAN -d 0.0.0.0/0 -l -j REJECT
ipchains -A output -i $EXTIF -s $EXTIP/32 -d 0.0.0.0/0 -j ACCEPT
ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT


#   FORWARD RULES
#############################################################################
# Forwarding, flush and set default policy of deny.
#
ipchains -F forward
ipchains -P forward DENY
ipchains -A forward -i $EXTIF -s $INTLAN -d 0.0.0.0/0 -j MASQ


echo " Firewall rule loading complete\n\n"


*************************************************

The proxy server dials automatically. I can ping the proxy/firewall machine.

How do I get my machines (Windows/Linux) to connect to it???
I tried changing the gateway and filling in the proxy settings info in the browser.
DNS settings on the Debian proxy/firewall are correct.

What am I missing???
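
A pre-flight check for the user variables in Sections A to C of the script above. This is an added example, not part of the original post or of the aboutdebian.com script; the function names are hypothetical. It is run here against the values as posted, where the EXTIP lines in Sections B and C are both still commented out.

```sh
#!/bin/sh
# Added example: validate INTLAN / INTIF / EXTIF / EXTIP before loading rules.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_cidr NET/BITS: IPv4 network address plus a prefix length of 0..32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    net=${1%/*}; bits=${1#*/}
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ] && is_ipv4 "$net"
}

bad() { echo "  problem: $1"; problems=$((problems + 1)); }

# check_fw_vars INTLAN INTIF EXTIF EXTIP: report problems, return their count.
check_fw_vars() {
    problems=0
    is_cidr "$1" || bad "INTLAN '$1' is not in NETWORK/BITS form"
    [ -n "$2" ] && [ -n "$3" ] || bad "INTIF and EXTIF must both be set"
    [ "$2" != "$3" ] || bad "INTIF and EXTIF are both '$2'"
    # With EXTIP empty, every rule written as "$EXTIP/32" expands to
    # "-d /32" or "-s /32" when the shell runs it.
    is_ipv4 "$4" || bad "EXTIP '$4' is not an IPv4 address (enable Section B or C)"
    return "$problems"
}

# Values as they appear in the posted script (EXTIP never assigned).
INTLAN="192.168.0.0/24"; INTIF="eth0"; EXTIF="ppp0"; EXTIP=""
check_fw_vars "$INTLAN" "$INTIF" "$EXTIF" "$EXTIP" || echo "not loading rules"
```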



