Following the content of the very good article in GNU/Linux Magazine France
& in Linux Journal, I configured netfilter with the script below &
ended up being able to ping any host (inside or outside my private network). I
cannot however make any TCP connections whatsoever.... I did an MDK 8.1
simple install (security set to high) & worked out that
/etc/rc.d/S03iptables is invoked @ boot to parametrize netfilter. The file
initializes default tables with the "iptables-restore" command.
With "that" the traffic does not go out of my local network....

I made a script based on LJ 09/2001: Taming the Wild Netfilter... but then I
can only ping the outside from the machine itself or from the & I cannot
work out why it works when I alter some
lines & why it stops when altering others.

Could someone explain what I should modify to let TCP / UDP traffic reach
out?

Config is like this:

              eth0 (dhcpd)        eth1
  internet -------------+ FW +------------- Internal network 192.168.1.xxx
                                                  |
                                                  +-- DB
                                                  |
                                                  +-- Appl. srvr
                                                  |
                                                  +-- Dev




Thomas,


<firewall.sh>
#!/bin/bash
# set -x
echo -n "Firewall "
echo 0 > /proc/sys/net/ipv4/ip_forward
echo "deactivated"

# echo "Defining the routes"
# route add default eth0

echo "Defining the interfaces & some variables"
source net.vars

# Remove all the rules from the table
# ####################################
IPT=/sbin/iptables
${IPT} -F

for i in filter nat mangle
do
    echo "Flushing ${i}"
    ${IPT} -t ${i} -F
    ${IPT} -t ${i} -X
done

for i in INPUT OUTPUT FORWARD
do
    echo "Flushing ${i}"
    ${IPT} -F ${i}
done

echo "Deleting the filter table"
${IPT} -t filter -F
${IPT} -t filter -X

echo "Activation de la masquarade"
${IPT} -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -d 0/0 -j MASQUERADE

echo "Created filter rule"
${IPT} -t filter -N tcprules
# Internet side (eth0): only replies to / traffic related to existing connections
${IPT} -t filter -A tcprules -i eth0   -m state --state ESTABLISHED,RELATED -j ACCEPT
# Any other interface may open new connections ("-i ! eth0" is the old
# negation syntax; current iptables writes it "! -i eth0"). The state keyword
# of this rule was lost in the mail; NEW is assumed here.
${IPT} -t filter -A tcprules -i ! eth0 -m state --state NEW -j ACCEPT
# Only "LID" of this rule's state survived in the mail; NEW,INVALID is assumed
# here, mirroring the eth1 rules below.
${IPT} -t filter -A tcprules -i eth0   -m state --state NEW,INVALID -j DROP

${IPT} -t filter -A tcprules -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPT} -t filter -A tcprules -i eth1 -m state --state NEW                 -j ACCEPT
${IPT} -t filter -A tcprules -i eth1 -m state --state NEW,INVALID         -j ACCEPT

${IPT} -t filter -A INPUT   -j tcprules
${IPT} -t filter -A FORWARD -j tcprules

# Note: the -F / -X calls above empty the chains but do not reset the built-in
# policies, so whatever S03iptables set as INPUT/FORWARD policy still applies
# after this script has run.
# ${IPT} -t filter -P INPUT     DROP
# ${IPT} -t filter -P FORWARD   DROP

echo -n "Firewall"
echo 1 > /proc/sys/net/ipv4/ip_forward
echo " activated"
echo
</firewall.sh>


--
Thomas SMETS
rue J. Wytsmanstraat 62
1050 Bruxelles
yahoo-id : smetsthomas
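The following is an added example, not Thomas's script and not from the articles he cites: a minimal stateful masquerading rule set for the layout in his diagram, written with explicit default policies (a flush with -F / -X leaves whatever policy the boot script set) and explicit in/out interfaces on every FORWARD rule. The interface names eth0 / eth1 and the network 192.168.1.0/24 are assumptions taken from the diagram; the run() helper and the DRY_RUN switch are constructed for this example so the rule set can be printed and reviewed on any machine before it is applied to a live box.

```shell
#!/bin/sh
# Added example (not the script from the mail): a minimal stateful
# masquerading firewall. Assumed from the diagram: eth0 = internet (DHCP),
# eth1 = LAN 192.168.1.0/24. With DRY_RUN=1 every command is printed
# instead of executed.
IPT="${IPT:-/sbin/iptables}"
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Execute a command, or print it when DRY_RUN is set (constructed helper).
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

reset_tables() {
    # -F and -X empty the chains but leave the built-in policies alone.
    # A DROP policy left behind by the distribution's boot script would keep
    # dropping traffic after a flush, so the policies are set explicitly.
    for t in filter nat mangle; do
        run "$IPT" -t "$t" -F
        run "$IPT" -t "$t" -X
    done
    run "$IPT" -P INPUT DROP
    run "$IPT" -P FORWARD DROP
    run "$IPT" -P OUTPUT ACCEPT
}

nat_rules() {
    # Rewrite the source address of LAN traffic leaving on the internet side.
    run "$IPT" -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j MASQUERADE
}

forward_rules() {
    # Packets the kernel cannot match to a tracked connection are dropped
    # first, whichever side they arrive on.
    run "$IPT" -A FORWARD -m state --state INVALID -j DROP
    # The LAN may open new TCP/UDP/ICMP connections to the outside ...
    run "$IPT" -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # ... and only the replies to those connections come back in.
    run "$IPT" -A FORWARD -i "$WAN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Anything else is logged (rate-limited) and then hits the DROP policy.
    run "$IPT" -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FWD-DROP: "
}

input_rules() {
    # Traffic to the firewall itself: loopback, replies, and new connections
    # from the LAN. New connections from the internet side fall to the policy.
    run "$IPT" -A INPUT -i lo -j ACCEPT
    run "$IPT" -A INPUT -m state --state INVALID -j DROP
    run "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run "$IPT" -A INPUT -i "$LAN" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    # Unicast DHCP lease renewals on the internet side arrive as UDP 67 -> 68.
    run "$IPT" -A INPUT -i "$WAN" -p udp --sport 67 --dport 68 -j ACCEPT
}

apply_firewall() {
    run sysctl -w net.ipv4.ip_forward=0   # stop routing while rules change
    reset_tables
    nat_rules
    forward_rules
    input_rules
    run sysctl -w net.ipv4.ip_forward=1
}

# Per-rule packet/byte counters show which rule (or the policy) took a packet.
show_counters() {
    run "$IPT" -L FORWARD -v -n --line-numbers
}

case "${1:-}" in
    apply)   apply_firewall ;;
    dry-run) DRY_RUN=1; apply_firewall ;;
    status)  show_counters ;;
esac
```

Run it as `sh fw.sh dry-run` to print the commands, `sh fw.sh apply` (as root) to load them, and `sh fw.sh status` afterwards: a TCP connection from the LAN that never completes shows up as a growing counter on the LOG rule or on the FORWARD policy line, which narrows the problem to the rule set rather than to routing or DNS.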




