Re: please help by iptables FORWARD...
Did you look at the pkt ctr(s) with "-L -v"? Also for "-o eth0" try using "-m
state --state ESTABLISHED,RELATED -j ACCEPT".
ALSO don't forget to let DNS and other CRITICAL services through; dnsmasq
is a good ?dns proxy?.
--- daniel krueger <trade@shstahr.de> wrote:
> good morning,
>
> I'm trying to set up my redhat router a little bit safer, here is my
> actual setup.
>
> # delete old rules
> iptables -F
> iptables -t nat -F
>
> # enable masquerading
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> # enable ip_forwarding
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> # set standard chain policies to DROP
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> # set INPUT rules
> iptables -A INPUT -p tcp -s 192.168.1.0/24 -i eth0 --dport 22 -j ACCEPT
>
> # set FORWARD rules
> iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -o ppp0 -j ACCEPT
> iptables -A FORWARD -d 192.168.1.0/24 -i ppp0 -o eth0 -j ACCEPT
>
> # set OUTPUT rules
> iptables -A OUTPUT -p tcp -d 192.168.1.0/24 -o eth0 --sport 22 -j ACCEPT
>
> All works fine, but all traffic on all ports is able to pass, and that's
> not what I want.
>
> Now I deleted the FORWARD rules and changed them to:
>
> iptables -A FORWARD -s 192.168.1.0/24 -p tcp --dport 80 -i eth0 -o ppp0 -j ACCEPT
> iptables -A FORWARD -d 192.168.1.0/24 -p tcp --sport 80 -i ppp0 -o eth0 -j ACCEPT
>
> in the hope of forwarding only http traffic, but it doesn't work.
>
> Can anyone help, please?
>
>
> best wishes
>
> Daniel Krueger
>
>
>
> --
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
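One way to put the reply's advice into practice, as an added example that is not code from the thread: a FORWARD ruleset that allows only new HTTP connections from the LAN, lets replies back in with "-m state --state ESTABLISHED,RELATED" instead of the "--sport 80" match, and forwards DNS so the browsers can actually resolve names. It assumes the LAN 192.168.1.0/24 on eth0 and the ppp0 uplink from Daniel's script; the resolver addresses are placeholders, and the generator/apply split and function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the thread. Interfaces and LAN come from Daniel's
# script; the resolver addresses below are placeholders to replace.
LAN_NET=192.168.1.0/24
LAN_IF=eth0
WAN_IF=ppp0
DNS_SERVERS="203.0.113.53 203.0.113.54"   # constructed placeholders, not real resolvers
IPT="${IPT:-iptables}"

# Print the FORWARD chain as shell commands, one per line. Separating generation
# from execution lets you review the ruleset (or diff two versions) before it
# touches a live router, and lets this script be exercised without root.
forward_rules() {
    # Stateful return path: replies to connections the LAN opened are accepted,
    # RELATED covers ICMP errors and helper-tracked sessions. This replaces the
    # "--sport 80" rule, which would also admit any packet that merely claims that
    # source port.
    printf '%s -A FORWARD -i %s -o %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' \
        "$IPT" "$WAN_IF" "$LAN_IF"
    # New HTTP connections only, from the LAN outward.
    printf '%s -A FORWARD -s %s -i %s -o %s -p tcp --dport 80 -m state --state NEW -j ACCEPT\n' \
        "$IPT" "$LAN_NET" "$LAN_IF" "$WAN_IF"
    # Name resolution: without this the browser never gets an address to
    # connect to, which is why an "HTTP only" ruleset looks completely broken.
    for dns in $DNS_SERVERS; do
        for proto in udp tcp; do
            printf '%s -A FORWARD -s %s -d %s -i %s -o %s -p %s --dport 53 -m state --state NEW -j ACCEPT\n' \
                "$IPT" "$LAN_NET" "$dns" "$LAN_IF" "$WAN_IF" "$proto"
        done
    done
    # Everything else is logged (rate-limited) and then hits the DROP policy, so
    # "iptables -L FORWARD -v" counters and the kernel log show what was refused.
    printf '%s -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD DROP: "\n' "$IPT"
}

# Number of generated rules; a quick sanity check before applying.
forward_rule_count() {
    forward_rules | wc -l | tr -d ' '
}

# Apply: DROP policy, flush the chain, then run the generated commands (root).
apply_forward_rules() {
    "$IPT" -P FORWARD DROP
    "$IPT" -F FORWARD
    forward_rules | sh -e
}

# Usage: "sh fwd.sh show" to review the rules, "sh fwd.sh apply" as root to load them.
case "${1:-}" in
    show) forward_rules ;;
    apply) apply_forward_rules ;;
esac
```

If dnsmasq runs on the router itself, as the reply suggests, the DNS rules move from FORWARD to INPUT (UDP/TCP 53 from the LAN on eth0) and the router's own OUTPUT chain must let its upstream queries out; the HTTP and ESTABLISHED,RELATED rules stay as shown.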