For a typical cable/DSL user using Linux for NAT+firewall. Works
with Linux 2.4.x.
eth0 -> connects to ISP
TCP_PORTS -> ports kept open.
I wish some HOWTO published this. It took me quite a bit of RTFM
to come up with this.
-Arun
#!/bin/sh
# NAT + firewall for a Linux gateway with one ISP-facing interface (eth0).
# TCP_PORTS lists the TCP ports that stay reachable from the ISP side.
IPTABLES=/sbin/iptables

# Let the kernel route packets between the LAN and eth0.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Create the block chain if it does not exist yet (-N fails harmlessly on a
# re-run), then flush every chain this script appends to, so running the
# script twice does not leave duplicate rules behind.
$IPTABLES -N block 2>/dev/null
$IPTABLES -F INPUT
$IPTABLES -F block
$IPTABLES -t nat -F POSTROUTING

# Masquerading: rewrite the source address of packets leaving eth0 to
# whatever address eth0 currently has (suits a dynamic ISP address).
$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Firewall for packets addressed to this host.
# Packets belonging to, or related to, connections already being tracked.
$IPTABLES -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections arriving on any interface other than the ISP side.
# (iptables of the 2.4 era wrote the negation as "-i ! eth0".)
$IPTABLES -A block -m state --state NEW ! -i eth0 -j ACCEPT
# New TCP connections, eth0 included, to the ports kept open.
TCP_PORTS="22 25 80 500"
for PORT in $TCP_PORTS; do
    $IPTABLES -A block -m state --state NEW -p tcp \
        --dport $PORT -j ACCEPT
done
# Everything not matched by the previous rules is dropped.
$IPTABLES -A block -j DROP

# Jump to the block chain from the INPUT chain. Only traffic to the gateway
# itself passes through block; FORWARD is left at its default policy.
$IPTABLES -A INPUT -j block
_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/linux-india-help
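An added example, not part of Arun's post: a POSIX shell check that reads iptables-save output and confirms the ruleset has the shape the gateway script is meant to produce (MASQUERADE on eth0, exactly one INPUT to block jump, block ending in DROP). It assumes the interface and chain names from the post; the function name check_ruleset and the three sample rulesets are this example's own constructions, written to look like iptables-save output after one run, after a second run without flushing, and after the final DROP was deleted.

```shell
#!/bin/sh
# Added example, not from the original post. Verifies that a ruleset (the
# text iptables-save prints) matches the intent of the gateway script.
# The function name and the sample rulesets are constructed for this example.

# check_ruleset reads iptables-save text on stdin and returns 0 when:
#   - the nat table masquerades everything leaving eth0,
#   - INPUT jumps to the block chain exactly once (a script that appends
#     without flushing leaves another copy after every re-run),
#   - the last rule in block is an unconditional DROP (INPUT's policy is
#     ACCEPT, so without that DROP everything not matched gets in).
# It prints a non-fatal note when FORWARD's policy is ACCEPT, because the
# script filters only traffic addressed to the gateway itself.
check_ruleset() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q -- '^-A POSTROUTING -o eth0 -j MASQUERADE$' || {
        echo "missing MASQUERADE rule for eth0 in the nat table" >&2; return 1; }
    n=$(printf '%s\n' "$rules" | grep -c -- '^-A INPUT -j block$' || true)
    [ "$n" -eq 1 ] || {
        echo "expected exactly one INPUT -> block jump, found $n" >&2; return 1; }
    last=$(printf '%s\n' "$rules" | grep -- '^-A block ' | tail -n 1)
    [ "$last" = "-A block -j DROP" ] || {
        echo "block chain does not end in an unconditional DROP: '$last'" >&2; return 1; }
    printf '%s\n' "$rules" | grep -q -- '^:FORWARD ACCEPT' &&
        echo "note: FORWARD policy is ACCEPT; forwarded traffic is not filtered" >&2
    return 0
}

# Constructed sample: what iptables-save prints after one run of the script
# (packet/byte counters zeroed for readability).
GOOD_RULESET='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:block - [0:0]
-A INPUT -j block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block ! -i eth0 -m state --state NEW -j ACCEPT
-A block -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A block -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A block -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A block -p tcp -m state --state NEW -m tcp --dport 500 -j ACCEPT
-A block -j DROP
COMMIT'

# Constructed sample: the same box after the script was run a second time
# without flushing INPUT first, which appends a duplicate jump.
DUP_RULESET=$(printf '%s\n' "$GOOD_RULESET" | awk '{ print } /^-A INPUT -j block$/ { print }')

# Constructed sample: the same box after "iptables -D block -j DROP"; the
# chain now ends in an ACCEPT and INPUT's default policy admits the rest.
OPEN_RULESET=$(printf '%s\n' "$GOOD_RULESET" | awk '!/^-A block -j DROP$/')

# Self-check against the constructed samples. On a live gateway run:
#   iptables-save | check_ruleset
printf '%s\n' "$GOOD_RULESET" | check_ruleset && echo "good sample: ok"
printf '%s\n' "$DUP_RULESET"  | check_ruleset || echo "duplicate-jump sample: rejected"
printf '%s\n' "$OPEN_RULESET" | check_ruleset || echo "missing-DROP sample: rejected"
```

The check deliberately looks at iptables-save text rather than parsing `iptables -L` output, because the save format is stable, greppable and the same thing iptables-restore consumes; loading the ruleset through iptables-restore instead of appending rule by rule is also the simplest way to avoid the duplicate-rule problem the second sample shows.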