To allow incoming FTP, SSH and OpenVPN connections, please see my suggestion below:
#!/bin/sh
IPTABLES=/sbin/iptables
SYSCTL=/sbin/sysctl
# Interface facing the Internet; replace the placeholder (Manoj's is eth0)
EXT_IF="<external-interface>"

case "$1" in
start)
echo "Starting Firewall"
# These ACCEPT rules must be appended before any rule that drops NEW
# traffic on INPUT, or they are never reached. "-s 0/0" means any source.
# Allow incoming ftp connections
$IPTABLES -A INPUT -s 0/0 -i $EXT_IF -p tcp --dport 21 -m state --state NEW --syn -j ACCEPT
# Allow incoming ssh connections
$IPTABLES -A INPUT -s 0/0 -i $EXT_IF -p tcp --dport 22 -m state --state NEW --syn -j ACCEPT
# Allow incoming OpenVPN connections (TCP or UDP 1194, whichever the server uses)
$IPTABLES -A INPUT -s 0/0 -i $EXT_IF -p tcp --dport 1194 -m state --state NEW --syn -j ACCEPT
# --syn is a TCP-only option, so it is omitted on the UDP rule
$IPTABLES -A INPUT -s 0/0 -i $EXT_IF -p udp --dport 1194 -m state --state NEW -j ACCEPT
echo "Firewall started"
;;
stop)
echo "Stopping Firewall"
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$SYSCTL -w net.ipv4.ip_forward=0
echo "Firewall stopped"
;;
status)
echo "Firewall status"
echo "==============="
echo
echo "FILTER Table"
echo "------------"
$IPTABLES -L -v --line-numbers
echo
echo "NAT Table"
echo "---------"
$IPTABLES -t nat -L -v --line-numbers
echo
;;
panic)
# Drop everything on all chains, then flush so no ACCEPT rule remains
echo "PANIC mode Firewall"
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -F
;;
restart)
echo "Restarting Firewall"
$0 stop
$0 start
;;
*)
echo "Usage : $0 {start|stop|status|panic|restart}"
exit 1
;;
esac
exit 0
Please do not hesitate to ask for any further help, and I hope that's what you need :)
Regards
--Adel
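Adel's inbound service rules above and Manoj's SNAT script below can be combined into one ruleset that is easier to review than a sequence of iptables calls. The following is an added example, not code from either message: a function generates the filter and nat tables in iptables-restore format, so the rules can be inspected (or checked by a script) before they are loaded, and iptables-restore then applies them atomically. EXT_IF=eth0 and EXT_IP=200.0.0.1 are taken from Manoj's message; LAN_IF=eth1 and LAN_NET=192.168.1.0/24 are assumed values for the internal side; the build_ruleset, count_exposed_ports and apply_ruleset function names are this example's own.

```shell
#!/bin/sh
# Added example (not from Adel's or Manoj's mail): a static-IP NAT router
# on eth0 that also exposes FTP, SSH and OpenVPN on the external interface.
# EXT_IF and EXT_IP come from Manoj's message; LAN_IF and LAN_NET are assumed.
EXT_IF=eth0
EXT_IP=200.0.0.1
LAN_IF=eth1
LAN_NET=192.168.1.0/24

# Inbound services exposed on the external interface: "proto port" per line.
SERVICES="tcp 21
tcp 22
tcp 1194
udp 1194"

# Print the filter and nat tables in iptables-restore format.
# Default policies are DROP on INPUT and FORWARD; everything allowed is explicit.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, replies to connections this host started, and junk
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# Anything arriving from the LAN side
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
EOF
    # One ACCEPT per exposed service. --syn belongs to the tcp match only;
    # UDP has no SYN flag, so the UDP rule relies on the state match alone.
    printf '%s\n' "$SERVICES" | while read -r proto port; do
        [ -z "$proto" ] && continue
        if [ "$proto" = tcp ]; then
            echo "-A INPUT -i $EXT_IF -p tcp --dport $port --syn -m state --state NEW -j ACCEPT"
        else
            echo "-A INPUT -i $EXT_IF -p $proto --dport $port -m state --state NEW -j ACCEPT"
        fi
    done
    cat <<EOF
# Forward LAN -> Internet and the replies only; no new connections inbound
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $EXT_IF -s $LAN_NET -j SNAT --to-source $EXT_IP
COMMIT
EOF
}

# Count the INPUT rules that admit NEW connections on the external interface,
# i.e. the services actually exposed to the Internet by this ruleset.
count_exposed_ports() {
    build_ruleset | grep -c -- "^-A INPUT -i $EXT_IF .*--state NEW"
}

# Load the ruleset in one step (needs root); iptables-restore rejects the
# whole file if any line fails, so a typo cannot leave a half-loaded firewall.
apply_ruleset() {
    build_ruleset | iptables-restore && sysctl -w net.ipv4.ip_forward=1
}

case "${1:-}" in
    apply) apply_ruleset ;;
    *) build_ruleset ;;
esac
```

Run it with no argument to print the ruleset for review, or with apply as root to load it. Two points a reviewer would check here: the FTP rule only admits the control connection on port 21, so the data connections only match RELATED once the kernel's FTP connection-tracking helper (ip_conntrack_ftp on the kernels of that time, nf_conntrack_ftp today) is loaded; and because INPUT and FORWARD default to DROP, any service not listed in SERVICES is unreachable from the outside, which is the behaviour you want to confirm by reading the generated rules rather than the shell that produced them.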
On 12/19/05, Manoj Menon <[EMAIL PROTECTED]> wrote:
Hi everybody,
I am trying to set up a linux box to share the
internet connection (static IP, connected to eth0)
using iptables.
My firewall/NAT script looks something like this.
#!/bin/sh
# Flush all previous rules
iptables -F
iptables -t nat -F
# Drop suspicious packets
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state NEW -j DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Just in case I have to settle for a connection
# with a dynamic IP
#iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Assuming that 200.0.0.1 is the external IP address
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 200.0.0.1
# Start up IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
I would love your critique of the above. Any
suggestions on how I can improve the same are also
welcome.
Some time in the future I will also be incorporating
an FTP server and maybe even an ssh server. Or perhaps
OpenVPN. Hence, I am pushing for the static IP.
Would also appreciate your recommendations on how I
can allow these two services through the firewall
securely.
I believe the above is from some Linux magazine
published in India from a couple of years ago. It's
been some time since I've messed around with
netfilter, and I am feeling a little out of touch.
Can't shake off the feeling that I am forgetting
something!
-Manoj.C