Hi All,

I have an RH9 box connected to myDSL which serves as the gateway
for the internet access of my workstations. It only uses iptables
to masquerade. What's puzzling is that the workstations cannot send
e-mail, and it times out. Likewise, when I ping the internet, it only
partially responds and eventually times out as well. I checked my
firewall rules, but I can't see any problem with them; here are the
contents of my firewall script:
-------
#!/bin/bash

# Uplink (PPP) interface and NAT mode.
UPLINK="ppp0"
ROUTER="yes"
NAT="dynamic"
# Interfaces that get rp_filter enabled.
INTERFACES="lo eth0"
# Services reachable from anywhere (port names from /etc/services).
SERVICES="sshd"

if [ "$1" = "start" ]
then
        echo "Starting firewall..."
        iptables -P INPUT DROP
        # Accept everything that does not arrive on the uplink.
        iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
        iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

        for x in ${SERVICES}
        do
                iptables -A INPUT -p tcp --syn --dport ${x} -m state --state NEW -j ACCEPT
        done

        # Reject anything else coming in on the uplink.
        iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with tcp-reset
        iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable

        if [ -e /proc/sys/net/ipv4/tcp_ecn ]
        then
                echo 0 > /proc/sys/net/ipv4/tcp_ecn
        fi

        for x in ${INTERFACES}
        do
                echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
        done

        if [ "$ROUTER" = "yes" ]
        then
                echo 1 > /proc/sys/net/ipv4/ip_forward
                if [ "$NAT" = "dynamic" ]
                then
                        echo "Enabling masquerading (dynamic ip)..."
                        iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ${UPLINK} -j MASQUERADE
                elif [ "$NAT" != "" ]
                then
                        echo "Enabling SNAT (static ip)..."
                        iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${NAT}
                fi
        fi
elif [ "$1" = "stop" ]
then
        echo "Stopping firewall..."
        iptables -F INPUT
        iptables -P INPUT ACCEPT
        #turn off NAT/masquerading, if any
        iptables -t nat -F POSTROUTING
fi
----------

What do you think is the cause?

Thanks.

--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie