The only traffic you ever allow out on ppp0 is SSH. No other traffic is allowed...
I would recommend that you look over what the purpose of your firewall rules is.

Regards
Henrik

On Sun, 28 Dec 2003, Vincent GAUVIN wrote:

> Henrik Nordstrom wrote:
>
> > Your INPUT and OUTPUT rules look a little odd, but as you did not
> > include the full ruleset it is hard to tell (iptables -L only gives
> > a summary of the rules; it is better to use iptables-save).
>
> Thanks a lot, Henrik, for taking an interest in my problem :-)
>
> Here are my iptables rules (eth0 192.168.200.1/16 - eth1 10.0.0.1 on
> ADSL-modem ethernet - workstations are on 192.168.200.10 to 60/16).
>
> Best regards,
> Vincent
>
> #!/bin/sh
> #
> #############################################
>
> # Flush the chains
> iptables -F
>
> # Delete any user-defined chains
> iptables -X
>
> # Default policy DROP
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> # Same for the nat and mangle tables, but their policies are ACCEPT
> iptables -t nat -F
> iptables -t nat -X
>
> iptables -t nat -P PREROUTING ACCEPT
> iptables -t nat -P POSTROUTING ACCEPT
> iptables -t nat -P OUTPUT ACCEPT
>
> # The server is trusted
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> # The LAN is trusted
> iptables -A INPUT -i eth0 -j ACCEPT
> iptables -A OUTPUT -o eth0 -j ACCEPT
>
> # Open ssh
> iptables -A INPUT -p tcp --dport 22 -i ppp0 -j ACCEPT
> iptables -A OUTPUT -p tcp --sport 22 -o ppp0 -j ACCEPT
>
> # Set up NAT for everything that crosses the gateway
> # going out through ppp0
> # the LAN is 192.168.0.0
>
> iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o ppp0 -j MASQUERADE
>
> iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> echo 1 > /proc/sys/net/ipv4/ip_forward
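The point Henrik makes above is that with OUTPUT policy DROP the only rule letting anything out on ppp0 is "--sport 22", and INPUT has no rule accepting replies on ppp0 at all, so nothing the gateway itself initiates over the uplink (DNS, NTP, a proxy's upstream fetches) can work. The script below is an added example, not Vincent's script or Henrik's reply: it keeps the same interface roles (eth0 = LAN, ppp0 = PPPoE uplink, LAN = 192.168.0.0/16, all assumed from the quoted mail) but tracks connection state on the uplink in INPUT and OUTPUT, the way the original already does in FORWARD. The "run" wrapper and the dry-run mode are this example's own device so the rules can be printed and reviewed before being applied.

```shell
#!/bin/sh
# Added example (not the thread's own script): a stateful rewrite of the
# gateway ruleset. Interface names and the LAN prefix are assumed from the
# quoted mail: eth0 = LAN, ppp0 = PPPoE uplink, LAN = 192.168.0.0/16.
#
# Usage:  sh fw.sh           # dry run: print the commands for review
#         sh fw.sh apply     # run them (as root)

LAN_IF=eth0
WAN_IF=ppp0
LAN_NET=192.168.0.0/16

case "${1:-dry-run}" in
    apply)   DRY_RUN= ;;
    dry-run) DRY_RUN=1 ;;
    *) echo "usage: $0 [dry-run|apply]" >&2; exit 2 ;;
esac

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

apply_rules() {
    # Start from clean filter and nat tables with a deny-by-default policy.
    run iptables -F
    run iptables -X
    run iptables -t nat -F
    run iptables -t nat -X
    run iptables -P INPUT DROP
    run iptables -P OUTPUT DROP
    run iptables -P FORWARD DROP

    # Loopback and the LAN side stay fully trusted, as in the original.
    run iptables -A INPUT  -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT
    run iptables -A INPUT  -i "$LAN_IF" -j ACCEPT
    run iptables -A OUTPUT -o "$LAN_IF" -j ACCEPT

    # Packets arriving on the uplink with a LAN source address are spoofed;
    # drop them before any state-based ACCEPT can see them.
    run iptables -A INPUT   -i "$WAN_IF" -s "$LAN_NET" -j DROP
    run iptables -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP

    # The change that matters for the thread: track connection state on the
    # uplink instead of matching on port 22 only. The gateway may open
    # connections out, and replies to them are let back in.
    run iptables -A INPUT  -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A OUTPUT -o "$WAN_IF" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # Inbound SSH is the one new connection accepted from the uplink; its
    # replies are covered by the ESTABLISHED rule above, so the old
    # "--sport 22" OUTPUT rule is no longer needed.
    run iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Forwarding and masquerading for the LAN prefix only; -s keeps anything
    # with a non-LAN source that shows up on eth0 from being forwarded out.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE

    run sysctl -w net.ipv4.ip_forward=1
}

apply_rules
```

Run it without arguments first and read the printed commands; after "apply", check the live result with iptables-save rather than iptables -L, as Henrik notes, since -L hides interface and state matches. "-m state" is what the 2003-era script uses and still works; on current kernels "-m conntrack --ctstate" is the preferred spelling with the same semantics.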
