Jamin:
Thank you very much for your help! Everything is working fine now. I modified
your firewall.conf according to my personal requirements. I also noticed that you
commented out the following line (which I enabled). I am not sure if that was your
intention.
In line 28:
#INT_NETWORKS="192.168.0.0/24"
I also noticed that you updated the script today (0.7.5.1). I tried a previous
version before (0.7.5.0) and it did not work for me, but the newer version worked
like a charm.
Again, thank you for all your help.
Walter
[EMAIL PROTECTED] wrote:
> This is the Linux IP Masquerading mailing list digest. To unsubscribe, change to
> realtime distribution, or adjust your other list options, visit the web page at
>
> http://home.indyramp.com/mailman/listinfo/masq
>
> Today's Topics:
>
> 1. [Fwd: stronger IP firewall block my www] (Walter G. da Cruz)
> 2. Re: [Fwd: stronger IP firewall block my www] (Jamin W. Collins)
>
> --__--__--
>
> Message: 1
> Date: Wed, 26 Dec 2001 22:17:25 -0800
> From: "Walter G. da Cruz" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [Masq] [Fwd: stronger IP firewall block my www]
>
>
> Hello, This is my first post to the list, so I apologize if I bother someone.
>
> I've been reading the mailing list archives, but there are not many postings
> about using stronger IP firewall.
>
> I am not an expert at reading scripts, but I was able to set up IP masquerade with
> ipchains before. Now, I try to use IP tables instead. IP tables is working fine
> with stronger IP firewall, but nobody can access my www server from outside.
> Here is my configuration:
>
> RH 7.1 kernel 2.4.2-2, IP tables 1.2.4
>
>               (DSL)          Linux
>               valid,     ------------------                 |--Win Box
>  Internet --> static     | eth0      eth1 | 192.168.0.1 ----|
>               IP address ------------------                 |--Laptop
>
> Here is what happens:
> 1. All my machines have access outside with no problem, but...
> 2. Nobody can see my Linux box from outside.
> 3. Therefore, my web site has disappeared mysteriously :-(
> 4. I am using stronger IP firewall with some modifications I picked up from the
> archive list. Here are the changes I did:
>
> $IPTABLES -P INPUT DROP
> $IPTABLES -F INPUT
> $IPTABLES -P OUTPUT DROP
> $IPTABLES -F OUTPUT
> $IPTABLES -P FORWARD DROP
> $IPTABLES -F FORWARD
> $IPTABLES -F -t nat
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \
> --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 \
> -j DNAT --to 192.168.0.1:80
>
> $IPTABLES -A POSTROUTING -t nat -d $PORTFWIP -o $INTIF -j SNAT --to $INTIP
>
>
> This is what I got:
>
> Clearing any existing rules and setting default policy to DROP..
> Enabling PORTFW Redirection on the external LAN..
> Bad argument `,ESTABLISHED,RELATED'
> Try `iptables -h' or 'iptables --help' for more information.
> Bad argument `,ESTABLISHED,RELATED'
> Try `iptables -h' or 'iptables --help' for more information.
> Bad argument `eth1'
> Try `iptables -h' or 'iptables --help' for more information.
> Creating a DROP chain..
>
> - Loading INPUT rulesets
> - Loading OUTPUT rulesets
> - Loading FORWARD rulesets
> - FWD: Allow all connections OUT and only existing/related IN
> - NAT: Enabling SNAT (MASQUERADE) functionality on eth0
>
> Stronger rc.firewall-2.4 0.63s done.
>
> It seems that the default policy to DROP is blocking my website. My question is,
> how can I modify the default policy to allow connection to my website from outside?
>
> I've been working on this problem for several days at night and I will appreciate
> any help I can get.
>
> Thank you,
> Walter
>
>
> "If we were logical, the future would be bleak indeed. But | (408)294-4750
> we are more than logical. We are human beings, and we have | [EMAIL PROTECTED]
> faith, and we have hope, and we can work" -Jacques Cousteau | http://wdacruz.com
> ------------------------------------------------------------|---------------------
>
>
>
> --__--__--
>
> Message: 2
> Subject: Re: [Masq] [Fwd: stronger IP firewall block my www]
> From: "Jamin W. Collins" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Date: 27 Dec 2001 01:57:00 -0600
>
> On Thu, 2001-12-27 at 00:17, Walter G. da Cruz wrote:
>
>>Hello, This is my first post to the list, so I apologize if I bother someone.
>>
>
> No need for apologies.
>
>
>> It seems that the default policy to DROP is blocking my website. My question is,
>> how can I modify the default policy to allow connection to my website from outside?
>>
>> I've been working on this problem for several days at night and I will appreciate
>> any help I can get.
>>
>
> Take a trip to http://www.asgardsrealm.net/linux/firewall and grab my
> script.
>
> Jamin W. Collins
>
>
>
--
"If we were logical, the future would be bleak indeed. But | (408)294-4750
we are more than logical. We are human beings, and we have | [EMAIL PROTECTED]
faith, and we have hope, and we can work" -Jacques Cousteau | http://wdacruz.com
------------------------------------------------------------|---------------------
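
Added example, not part of the original thread and not Jamin's script: a dry-run sketch of the rules a default-DROP policy needs for port 80, for a web server on the firewall host itself (INPUT/OUTPUT) and for one on an internal host (DNAT plus FORWARD). IPTABLES, EXTIF, INTIF and EXTIP are the names used in the quoted post; WEBIP, the require helper and the sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Dry run: prints the iptables commands instead of executing them, so the
# rules can be reviewed without touching the live ruleset or needing root.
IPTABLES=${IPTABLES:-iptables}

# Refuse to build rules from an empty variable. Unquoted and empty, a variable
# vanishes from the command line: "-d $PORTFWIP -o $INTIF" with PORTFWIP empty
# becomes "-d -o eth1", and the following words are parsed out of place.
require() {
    for name in "$@"; do
        eval "val=\${$name:-}"
        [ -n "$val" ] || { echo "unset variable: $name" >&2; return 1; }
    done
}

# web_rules local   -> web server runs on the firewall host itself
# web_rules forward -> web server runs on an internal host (WEBIP, hypothetical)
web_rules() {
    case "$1" in
    local)
        require EXTIF EXTIP || return 1
        # Locally delivered traffic traverses INPUT and OUTPUT, never FORWARD.
        echo "$IPTABLES -A INPUT -i $EXTIF -p tcp -d $EXTIP --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT"
        # With OUTPUT policy DROP the replies need their own rule.
        echo "$IPTABLES -A OUTPUT -o $EXTIF -p tcp -s $EXTIP --sport 80 -m state --state ESTABLISHED -j ACCEPT"
        ;;
    forward)
        require EXTIF INTIF EXTIP WEBIP || return 1
        # DNAT happens in PREROUTING, so FORWARD sees the rewritten destination.
        echo "$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp -d $EXTIP --dport 80 -j DNAT --to-destination $WEBIP:80"
        echo "$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp -d $WEBIP --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT"
        echo "$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -p tcp -s $WEBIP --sport 80 -m state --state ESTABLISHED -j ACCEPT"
        ;;
    *)  echo "usage: web_rules local|forward" >&2; return 2 ;;
    esac
}

# Constructed sample values (203.0.113.10 is a documentation address).
EXTIF=eth0 INTIF=eth1 EXTIP=203.0.113.10
web_rules local
```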