On 08/01/00, WH Bouterse said:
>Thanks for the response Ax'
>Do you People ever sleep!!?? :-)
>
>I have created an '/etc/rc.d/rc.firewall' as suggested
>in HowTo, mandrakeuser.org calls it 'rc.masq'
>
Firstly, if you don't need all these things in here (like CuSeeMe, VDOLive,
etc) don't bother loading them.
>#/sbin/depmod -a <I have commented and un' this one>
>echo -n "Setting IP chains..."
>/sbin/modprobe ip_masq_cuseeme
>/sbin/modprobe ip_masq_vdolive
>/sbin/modprobe ip_masq_ftp
>/sbin/modprobe ip_masq_user
>/sbin/modprobe ip_masq_portfw
>/sbin/modprobe ip_masq_mfw
I'd put this last:
>echo "1" > /proc/sys/net/ipv4/ip_forward
I would also do something like this:
(Since you are using a script, I'll take advantage of a few things.)
#our internal address allowed out
INTERNAL="192.168.0.0/24"
#the world at large
REMOTE="0/0"
#what interface we contact the world on
LOCAL="whateveryourgatewayaddressis/anditsmask"
#location of ipchains
IPCHAINS="/sbin/ipchains"
#Allow internal traffic
$IPCHAINS -A input -s $INTERNAL -d $INTERNAL -j ACCEPT
$IPCHAINS -A output -s $INTERNAL -d $INTERNAL -j ACCEPT
#Don't masquerade internal traffic
$IPCHAINS -A forward -s $INTERNAL -d $INTERNAL -j ACCEPT
#Don't masquerade the gateway address
$IPCHAINS -A forward -s $LOCAL -d $REMOTE -j ACCEPT
#Allow internal traffic out
$IPCHAINS -A forward -s $INTERNAL -d $REMOTE -j MASQ
#Set the default policy to deny
$IPCHAINS -P forward DENY
#Prevent netbios
$IPCHAINS -A input -p tcp -s 0/0 -d $LOCAL 137:139 -j DENY
$IPCHAINS -A input -p udp -s 0/0 -d $LOCAL 137:139 -j DENY
I assume you have all your input and output filters set up ok?
> /sbin/ipchains -P forward DENY
> #/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
> /sbin/ipchains -A forward -s 192.168.0.11/32 -j MASQ
> #asf.
> #/sbin/ipchains -A forward -s 192.168.0.11/24 -j MASQ
> #/sbin/ipchains -A forward -i eth1 -d 192.168.1.0/24
> #/sbin/ipchains -A forward -i eth0 -d 192.168.0.1/24
> /sbin/ipchains -A forward -j DENY -p tcp -s 0.0.0.0/0 137:139
> /sbin/ipchains -A forward -j DENY -p udp -s 0.0.0.0/0 137:139
> #/sbin/ipchains -A forward -s 192.168.0./24 -j MASQ
> #echo "Ready to go."
>
>I have messed around with various configurations of the above
>So From:-->Client eth0 192.168.0.11 -->
>-->eth1 192.168.0.10 Gateway into Server-->
>-->eth0 -->static IP -->STOP<gateway to the outside world>
>I can get that far but no further!
>ipv4 forwarding is enabled in 'netcfg'
>
I hope this helps...
--
                 | http://www.prowebservers.com
Desmond Wass     | Web Hosting Systems
{Mobile Stolen}  | Phone: 08 9244 4877
                 | Fax: 08 9244 4977
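The rc.firewall fragment in the reply, written out as a complete script (added here as an example; not the poster's script and not from the list). It flushes the chains before appending so it can be re-run without stacking duplicate rules, turns ip_forward on last, takes a DRY_RUN switch so the rules can be inspected on a box without ipchains, and checks that the forward-chain LAN ACCEPT precedes the MASQ rule, which ipchains' first-match evaluation requires. The gateway address 203.0.113.10/32 is a placeholder.

```shell
#!/bin/sh
# /etc/rc.d/rc.firewall in the shape of the fragment in the reply (constructed
# example). Run as "rc.firewall start"; with DRY_RUN=1 commands are only printed.
INTERNAL="192.168.0.0/24"            # the LAN behind the gateway
REMOTE="0/0"                         # the world at large
LOCAL="${LOCAL:-203.0.113.10/32}"    # assumed: gateway's outside address (placeholder)
IPCHAINS="/sbin/ipchains"

run() {   # execute a command, or only print it when DRY_RUN=1
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$@"; else "$@"; fi
}

firewall_rules() {
    # -A appends, so flush first or every re-run stacks duplicate rules.
    run $IPCHAINS -F input
    run $IPCHAINS -F output
    run $IPCHAINS -F forward
    # Deny by default; ipchains is first-match, so the order below matters.
    run $IPCHAINS -P forward DENY
    # LAN-to-LAN traffic passes untouched: these ACCEPTs sit before MASQ
    # on purpose, otherwise internal packets would be rewritten as well.
    run $IPCHAINS -A input   -s $INTERNAL -d $INTERNAL -j ACCEPT
    run $IPCHAINS -A output  -s $INTERNAL -d $INTERNAL -j ACCEPT
    run $IPCHAINS -A forward -s $INTERNAL -d $INTERNAL -j ACCEPT
    # The gateway's own traffic to the world is not masqueraded.
    run $IPCHAINS -A forward -s $LOCAL -d $REMOTE -j ACCEPT
    # Everything else leaving the LAN is masqueraded as the gateway.
    run $IPCHAINS -A forward -s $INTERNAL -d $REMOTE -j MASQ
    # Keep NetBIOS (137-139) from outside off the gateway itself.
    run $IPCHAINS -A input -p tcp -s $REMOTE -d $LOCAL 137:139 -j DENY
    run $IPCHAINS -A input -p udp -s $REMOTE -d $LOCAL 137:139 -j DENY
    # Forwarding goes on last, once the rules are in place.
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
}

# Dry-run the rule set: the LAN ACCEPT must precede MASQ, ip_forward must be last.
check_order() {
    rules=$(DRY_RUN=1; firewall_rules)
    accept=$(printf '%s\n' "$rules" | grep -n -- "-A forward -s $INTERNAL -d $INTERNAL -j ACCEPT" | cut -d: -f1)
    masq=$(printf '%s\n' "$rules" | grep -n -- "-j MASQ" | cut -d: -f1)
    total=$(printf '%s\n' "$rules" | grep -c '')
    fwd=$(printf '%s\n' "$rules" | grep -n -- "ip_forward" | cut -d: -f1)
    [ -n "$accept" ] && [ -n "$masq" ] && [ "$accept" -lt "$masq" ] && [ "$fwd" -eq "$total" ]
}

case "${1:-}" in
    start) check_order && firewall_rules ;;
esac
```

Running it with `DRY_RUN=1 sh rc.firewall start` prints the twelve commands in the order they would be applied.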