

Hello, this is my first post to the list, so I apologize if I bother someone.

        I've been reading the mailing list archives, but there are not many postings about using the stronger IP firewall.

        I am not an expert at reading scripts, but I was able to set up IP masquerade with ipchains before.  Now I am trying to use IP tables instead.  IP tables is working fine with the stronger IP firewall, but nobody can access my www server from outside.
Here is my configuration:

RH 7.1 kernel 2.4.2-2, IP tables 1.2.4

                        (DSL) Linux
             valid,      ------------------               |--Win Box
Internet --> static     | eth0        eth1 | 192.168.0.1 -|
             IP address  ------------------               |--Laptop

Here is what happens:
1. All my machines have access to the outside with no problem, but...
2. Nobody can see my Linux box from outside.
3. Therefore, my web site has disappeared mysteriously :-(
4. I am using the stronger IP firewall with some modifications I picked up from the
archive list.  Here are the changes I made:

$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -F -t nat

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 \
-j DNAT --to 192.168.0.1:80

$IPTABLES -A POSTROUTING -t nat -d $PORTFWIP -o $INTIF -j SNAT --to $INTIP


This is what I got:

    Clearing any existing rules and setting default policy to DROP..
Enabling PORTFW Redirection on the external LAN..
Bad argument `,ESTABLISHED,RELATED'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `,ESTABLISHED,RELATED'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `eth1'
Try `iptables -h' or 'iptables --help' for more information.
    Creating a DROP chain..

     - Loading INPUT rulesets
     - Loading OUTPUT rulesets
     - Loading FORWARD rulesets
       - FWD: Allow all connections OUT and only existing/related IN
       - NAT: Enabling SNAT (MASQUERADE) functionality on eth0

Stronger rc.firewall-2.4 0.63s done.

        It seems that the default policy of DROP is blocking my website.  My question is, how can I modify the default policy to allow connections to my website from outside?

        I've been working on this problem for several days at night and I will appreciate any help I can get.

                                Thank you,
                                Walter


  "If we were logical, the future would be bleak indeed. But | (408)294-4750
  we are more than logical. We are human beings, and we have | [EMAIL PROTECTED]
faith, and we have hope, and we can work" -Jacques Cousteau | http://wdacruz.com
------------------------------------------------------------|---------------------
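
An added example, not part of the original post or of the rc.firewall script: a dry-run sketch of the two checks the error output above points to, plus the rules a default-DROP policy needs for a web server on the firewall host. It assumes the web server runs on the Linux box itself (the DNAT target 192.168.0.1 is eth1's own address in the diagram), so port-80 traffic passes through INPUT and OUTPUT rather than FORWARD. The helper names and the EXTIP value are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands (dry run); it does not run them.
IPTABLES="/sbin/iptables"
EXTIF="eth0"
EXTIP="203.0.113.10"   # constructed documentation address, not the poster's

# Hypothetical helper: stop before building a rule if a variable is empty.
# An empty variable removes an argument: "-d $PORTFWIP -o $INTIF" with
# PORTFWIP unset becomes "-d -o eth1", which leaves "eth1" as a stray word.
require_vars() {
    for name in "$@"; do
        eval "val=\${$name:-}"
        if [ -z "$val" ]; then
            echo "unset or empty variable: $name" >&2
            return 1
        fi
    done
}

# Hypothetical helper: a --state list must be one word of upper-case names
# joined by commas. "NEW ,ESTABLISHED" splits into two arguments.
valid_state_list() {
    case "$1" in
        ""|*[!A-Z,]*|,*|*,|*,,*) return 1 ;;
    esac
    return 0
}

# Rules for a web server on the firewall host itself: with INPUT and OUTPUT
# policies set to DROP, inbound requests and outbound replies each need a rule.
web_rules() {
    states="NEW,ESTABLISHED"
    require_vars IPTABLES EXTIF EXTIP || return 1
    valid_state_list "$states" || return 1
    echo "$IPTABLES -A INPUT -i $EXTIF -p tcp -d $EXTIP --dport 80 -m state --state $states -j ACCEPT"
    echo "$IPTABLES -A OUTPUT -o $EXTIF -p tcp -s $EXTIP --sport 80 -m state --state ESTABLISHED -j ACCEPT"
}

web_rules
```

Running `sh -x` on the real script shows each command after variable expansion, which makes an empty variable or a split state list visible on the line that fails.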

