On Thursday 04 July 2002 3:06 pm, Stephan Viljoen wrote:

> Firewall 1:
> eth0 : 193.220.24.230 : uplink , Gateway : 193.220.24.193
> eth1 : 10.0.0.1/16
>
> echo " enabling forwarding.."
> echo "1" > /proc/sys/net/ipv4/ip_forward
> $IPTABLES -F
> $IPTABLES -X
> $IPTABLES -P FORWARD ACCEPT
> $IPTABLES -t nat -A POSTROUTING -s 10.0.0.1/16 -o eth0 -j MASQUERADE
> $IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED
> -j ACCEPT
> $IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT

I don't see the point of you having these two FORWARDing rules when the default policy on this chain is ACCEPT? It's just an open router.

> Firewall 2:
> eth0 : 193.220.24.8
> eth1 : 193.220.24.193
> eth2 : 192.168.1.1
>
> $IPTABLES -F
> $IPTABLES -X
> $IPTABLES -P FORWARD ACCEPT
> $IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED
> -j ACCEPT
> $IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
>
> $IPTABLES -t nat -A POSTROUTING -s 192.168.1.1/24 -o $EXTIF -j MASQUERADE
> $IPTABLES -A FORWARD -i eth0 -o eth2 -m state --state ESTABLISHED,RELATED
> -j ACCEPT
> $IPTABLES -A FORWARD -i eth2 -o eth0 -j ACCEPT

Again, there's no point in having any of these four FORWARDing rules when the default policy is ACCEPT. This firewall is also simply an open router.

Antony.
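
Added example (not part of the original message or either poster's script): a small shell check for the situation described in the reply above, where ACCEPT rules sit in a chain whose policy is already ACCEPT. The function names, the one-line form of the Firewall 1 rules, and the default-DROP variant used for comparison are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example. Reads iptables command lines on stdin and prints every
# ACCEPT rule that changes nothing: its chain has an explicit ACCEPT
# policy and no rule with any other target (DROP, REJECT, LOG, ...).
redundant_accepts() {
    awk '
    {
        table = "filter"; chain = ""; policy = ""; target = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-t") table = $(i + 1)
            if ($i == "-P") { chain = $(i + 1); policy = $(i + 2) }
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (chain == "") next                 # -F, -X, echo, blank lines
        key = table "/" chain
        if (policy != "") { pol[key] = policy; next }
        if (target == "ACCEPT") { n++; rule[n] = $0; where[n] = key }
        else if (target != "") mixed[key] = 1 # chain is not pure ACCEPT
    }
    END {
        # Judged at the end so the last -P seen for a chain is the one used.
        for (i = 1; i <= n; i++)
            if (pol[where[i]] == "ACCEPT" && !(where[i] in mixed))
                print "no-op: " rule[i]
    }'
}

# Firewall 1 rules from the quoted message, wrapped lines joined (constructed input).
fw1_as_posted() {
    cat <<'EOF'
$IPTABLES -F
$IPTABLES -X
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -t nat -A POSTROUTING -s 10.0.0.1/16 -o eth0 -j MASQUERADE
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
EOF
}

# Assumption for comparison: same rules, FORWARD policy switched to DROP.
fw1_default_drop() {
    fw1_as_posted | sed 's/-P FORWARD ACCEPT/-P FORWARD DROP/'
}

echo "FORWARD policy ACCEPT (as posted):"
fw1_as_posted | redundant_accepts
echo "FORWARD policy DROP (assumed variant):"
fw1_default_drop | redundant_accepts
```

Only policies set explicitly with -P are considered; a chain with no -P line in the input is left unjudged.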
