Walter G. da Cruz wrote:
> I am not an expert reading scripts, but I was able to set up IP masquerade with
> ipchain before. Now, I try to use IP tables instead. IP table is working fine
> with stronger IP firewall, but nobody can access my www server from outside.
> Here is my configuration:
>
> RH 7.1 kernel 2.4.2-2, IP tables 1.2.4
>
>              (DSL)             Linux
>              valid,      ------------------              |--Win Box
> Internet --> static      | eth0      eth1 | 192.168.0.1 -|
>              IP address  ------------------              |--Laptop
>
> Here is what happens:
> 1. All my machines have access outside with no problem, but...
> 2. Nobody can see my Linux box from outside.
> 3. Therefore, my web site has disappeared mysteriously :-(
> 4. I am using stronger IP firewall with some modifications I picked up from the
> archive list. Here are the changes I did:
>
> $IPTABLES -P INPUT DROP
> $IPTABLES -F INPUT
> $IPTABLES -P OUTPUT DROP
> $IPTABLES -F OUTPUT
> $IPTABLES -P FORWARD DROP
> $IPTABLES -F FORWARD
> $IPTABLES -F -t nat
>
> $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \
> --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 \
> -j DNAT --to 192.168.0.1:80
>
> $IPTABLES -A POSTROUTING -t nat -d $PORTFWIP -o $INTIF -j SNAT --to $INTIP
>
>
> This is what I got:
>
> Clearing any existing rules and setting default policy to DROP..
> Enabling PORTFW Redirection on the external LAN..
> Bad argument `,ESTABLISHED,RELATED'
> Try `iptables -h' or 'iptables --help' for more information.
> Bad argument `,ESTABLISHED,RELATED'
> Try `iptables -h' or 'iptables --help' for more information.
> Bad argument `eth1'
> Try `iptables -h' or 'iptables --help' for more information.
> Creating a DROP chain..
>
> - Loading INPUT rulesets
> - Loading OUTPUT rulesets
> - Loading FORWARD rulesets
> - FWD: Allow all connections OUT and only existing/related IN
> - NAT: Enabling SNAT (MASQUERADE) functionality on eth0
>
> Stronger rc.firewall-2.4 0.63s done.
>
> It seems that the default policy to DROP is blocking my website. My question is,
> how can I modify the default policy to allow connection to my website from outside?
>
> I've been working on this problem for several days at night and I will appreciate
> any help I can get.
>
> Thank you,
> Walter

the first thing to do is to read sufficient doco to enable you to
prevent those error messages from occurring.

raf
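
A pre-flight check for rules like the ones quoted above, as an added example that is not part of the original thread or of rc.firewall. The addresses are constructed, and the empty PORTFWIP is an assumption (the post does not show where it is set): if it were empty, -d would be followed directly by -o, which is one way a stray-word complaint such as the Bad argument `eth1' line can arise.

```bash
#!/bin/bash
# Added example (not from the thread). All values are constructed;
# PORTFWIP is left empty on purpose to model a variable that was never set.
EXTIF="eth0"; INTIF="eth1"
EXTIP="203.0.113.10"; INTIP="192.168.0.254"
PORTFWIP=""

# Options used by the rules in the post that must be followed by a value.
NEEDS_VALUE="-i -o -p -d -s -t -j -m --dport --state --to"

# lint_rule WORD...: fail if an option that needs a value is the last
# word or is followed directly by another option.
lint_rule() {
    _prev=""
    for _arg in "$@"; do
        if [ -n "$_prev" ]; then
            case "$_arg" in
                -*) echo "option $_prev has no value (next word is $_arg)"
                    return 1 ;;
            esac
            _prev=""
        fi
        case " $NEEDS_VALUE " in
            *" $_arg "*) _prev="$_arg" ;;
        esac
    done
    if [ -n "$_prev" ]; then
        echo "option $_prev has no value (end of rule)"
        return 1
    fi
    return 0
}

# The variables are deliberately unquoted, as in the post, so an empty
# one disappears from the word list exactly as it would for iptables.
lint_rule -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \
    --state NEW,ESTABLISHED,RELATED -j ACCEPT && echo "FORWARD ok"
lint_rule -A PREROUTING -t nat -p tcp -d $EXTIP --dport 80 \
    -j DNAT --to 192.168.0.1:80 && echo "PREROUTING ok"
lint_rule -A POSTROUTING -t nat -d $PORTFWIP -o $INTIF -j SNAT --to $INTIP \
    || echo "POSTROUTING rule rejected before it reaches iptables"
```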
