
Re: packet forwarding



Andrew Critchlow <a_critchlow@hotmail.com> wrote:
Hello everyone,

I am trying to set up a debian proxy such as this:

USER--------DEBIAN--------INTERNET

The debian box will have two network cards.

How can I set up the debian box to forward packets between the two networks? Do I have to set up packet forwarding by adding:
net.ipv4.ip_forward=1
into /etc/sysctl.conf
?
Many thanks

andrew.
You can use something like the script below to accomplish what you want.  This script assumes that you have dhcp3-server installed and configured to give your internal systems a private IP address and DNS routing information.  You can also configure them manually.  I usually name this script "local" and add it to init.d.

#!/bin/sh
# Setting up IP Forwarding - Firewall Rules - and starting DHCP server.
# eth0 = external (Internet) interface, eth1 = internal (USER) interface.
#Flush chains (the nat table has to be flushed separately, otherwise
#re-running the script stacks up duplicate MASQUERADE rules)
iptables -F
iptables -t nat -F
#enable masquerade and forwarding
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
#for dynamic IP on external interface
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
#denial of service protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#turn on source address verification
echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter
#add route for DHCP clients (so dhcpd's broadcast replies go out eth1)
/sbin/route add -host 255.255.255.255 dev eth1
#Firewall Rules
#allow self access by loopback interface
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
#allow internal network
#iptables -A INPUT -i eth1 -p all -j ACCEPT
#allow established connections
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#TCP option 2 (MSS) only appears in SYN segments, so this sends a RST for any
#non-SYN TCP segment arriving on eth0 that did not match a tracked connection
iptables -A INPUT -i eth0 -p tcp ! --tcp-option 2 -j REJECT --reject-with tcp-reset
#Allow Web (HTTP is TCP; the UDP rule is harmless but unnecessary)
iptables -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
iptables -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
#allow DHCP (the eth0 rule only matters if the external address is itself obtained via DHCP)
iptables -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
#drops all other connections (chain policies are set with -P; while this stays
#commented out the INPUT policy remains ACCEPT and only the ports below are blocked)
#iptables -P INPUT DROP
#or Firewall Rules
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 0:1023 --syn -j REJECT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 2049 --syn -j REJECT
iptables -A INPUT -i eth0 -p udp -m udp --dport 0:1023 -j REJECT
iptables -A INPUT -i eth0 -p udp -m udp --dport 2049 -j REJECT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 7100 --syn -j REJECT
#turn on DHCP for the internal net
/usr/sbin/dhcpd3 eth1
exit 0
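To answer the original question directly: yes, `net.ipv4.ip_forward=1` in /etc/sysctl.conf is what makes forwarding persistent across reboots (apply it immediately with `sysctl -p` or `sysctl -w net.ipv4.ip_forward=1`). The script above relies on the default ACCEPT policies of INPUT and FORWARD and only blocks selected ports, so any service listening on the box is reachable from the Internet unless it happens to be in the rejected ranges. The following is an added example, not the poster's script, that builds the same two-NIC NAT router with default-deny INPUT and FORWARD policies, connection tracking for return traffic, and an anti-spoofing check on forwarded packets. Interface names eth0/eth1, the 192.168.1.0/24 LAN prefix, and allowing SSH from the LAN are assumptions; with no argument it only prints the commands it would run, and `apply` (as root) executes them.

```shell
#!/bin/sh
# Added example: two-NIC Debian NAT router with default-deny policies.
# Assumptions (not from the original post): WAN=eth0, LAN=eth1,
# LAN_NET=192.168.1.0/24, SSH offered to the LAN. Override via environment.
# "show" (default) prints the commands; "apply" executes them (needs root).

WAN="${WAN:-eth0}"                    # interface facing the Internet
LAN="${LAN:-eth1}"                    # interface facing the internal network
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumed prefix handed out by dhcpd on the LAN

# Print or execute one command, depending on DRY_RUN (default: print only).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Kernel settings. The same keys go in /etc/sysctl.conf for persistence;
# sysctl -w applies them right now.
forwarding_sysctls() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w net.ipv4.conf.all.rp_filter=1   # drop packets whose source is not routable via the arriving interface
    run sysctl -w net.ipv4.tcp_syncookies=1
    run sysctl -w net.ipv4.ip_dynaddr=1           # only matters when the WAN address changes (PPP/dial-up)
}

# Filter rules: anything not explicitly allowed is dropped, forwarded traffic included.
filter_rules() {
    run iptables -F
    run iptables -X
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT

    # Loopback, replies to connections the router itself opened, and nothing malformed.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Services offered to the LAN only. DHCP requests come from 0.0.0.0, so no -s match there.
    run iptables -A INPUT -i "$LAN" -p udp --dport 67 -j ACCEPT
    run iptables -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    run iptables -A INPUT -i "$LAN" -s "$LAN_NET" -p icmp --icmp-type echo-request -j ACCEPT

    # Forward LAN -> WAN only for sources inside the LAN prefix (anti-spoofing);
    # WAN -> LAN only for replies to tracked connections.
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN" -o "$LAN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# NAT: rewrite the source address of LAN traffic leaving on the WAN interface.
nat_rules() {
    run iptables -t nat -F
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE
}

build_rules() {
    forwarding_sysctls
    filter_rules
    nat_rules
}

case "${1:-show}" in
    apply) DRY_RUN=0 build_rules ;;
    show)  DRY_RUN=1 build_rules ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

Flushing the nat table before adding the MASQUERADE rule keeps the script idempotent when it is re-run from init.d, and restricting MASQUERADE to `-s "$LAN_NET"` means a spoofed packet that somehow reached FORWARD would not be rewritten to the router's public address.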
