Thank you Dave. I will definitely put into practice what you've mentioned
here. I've been wondering just how to get Masquerade going correctly and
your examples have been the easiest to understand that I've seen so far.

thanks a ton,

daRcmaTTeR

On Thu, 31 Jan 2002, [EMAIL PROTECTED] wrote:

>Well; What are your default rules for your firewall? Sensibly they should be something 
>like this:
>
>       iptables -P INPUT DROP
>       iptables -P OUTPUT DROP
>       iptables -P FORWARD DROP
>
>This will close all inbound connections to your box. (Be careful not to enter this 
>from the command line if you are mounting NFS, I did and it locks your machine!) We 
>now need to flush all existing rules by doing:
>
>       # flush the NAT tables
>       iptables -t nat -F
>       # flush filter table
>       iptables -F
>       # flush user-defined rules
>       iptables -X
>
>Set up masquerading:
>
>       iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
>Allow the loopback interface:
>
>       iptables -A OUTPUT -o lo -j ACCEPT
>       iptables -A INPUT -i lo -j ACCEPT
>
>Allow internal ethernet i/face:
>
>       iptables -A OUTPUT -o eth0 -j ACCEPT
>       iptables -A INPUT -i eth0 -j ACCEPT
>
>Set up those already established inbound/outbound requests,
>
>       iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>       iptables -A FORWARD -i eth0 -o ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>       iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>       iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
>Do the icmp bit:
>
>       iptables -A OUTPUT -p ICMP --icmp-type echo-request -j ACCEPT
>       iptables -A FORWARD -o ppp0 -p ICMP --icmp-type echo-request -j ACCEPT
>
>Now set up the rules for those services you want to open. Do some firewall reading 
>for that. As I said, I am not an expert, but I understand the basics. If anyone can 
>add to this....you're welcome. But I would be surprised if the port 139 was still open 
>from the exterior.
>
>Dave.
>
>
>Original Message:
>-----------------
>From: daRcmaTTeR [EMAIL PROTECTED]
>Date: Thu, 31 Jan 2002 07:24:52 -0500
>To: [EMAIL PROTECTED]
>Subject: Re: [expert] What firewall to use in MDK 8.1
>
>
>On Wed, 30 Jan 2002 20:02:21 -0600
>"J. Craig Woods" <[EMAIL PROTECTED]> studiously spake these words to
>ponder:
>
>> daRcmaTTeR wrote:
>> > > >
>> > > > thanks, but that didn't seem to make any difference. for what ever
>> > > > reason iptables -A INPUT -p udp --dport -i ppp0 -j DROP
>> > > > doesn't make any difference. port 139 remains open to the outer
>> > > > interface.
>
>>
>> Unless there is something seriously wrong with your firewall
>> implementation or your kernel, the above IPTABLE rule should work. How
>> do you know that your outside UDP port 139 is open (not the inside port
>> 139 for eth0, that might be open)? What kind of check did you do? Are
>> you running any kind of samba or windows netbios?
>>
>
>Craig,
>
>yes, I'm running Samba on the Mandrake machine for the winders box on the
>LAN. I've been using the Sygate security scan to check my ports.
>http://sygatetech.com/
>
>this is getting stranger and strangerer...
>
>--
>daRcmaTTeR
>---------------------------------------------------------------------
>Registered Linux User 182496
>---------------------------------------------------------------------
>  7:05am  up 24 days, 21:37,  3 users,  load average: 0.47, 0.38, 0.28
>