
Re: ipchains -> iptables?



On 13/02/2008, Zach <netrek@gmail.com> wrote:
> On Feb 12, 2008 7:20 PM, Adrian Levi <adrian.levi@gmail.com> wrote:
> >
> > The topology of chains to tables is fundamentally different. In chains
> > a packet that is to be forwarded must also go through the input and
> > output chains. Under tables this packet only has to traverse the
> > forward table; input and output tables only refer to packets destined
> > for and from the firewall machine.
>
> Hi Adrian,
>
> Ah I see so we're dealing with apples and oranges here.

Unfortunately yes. Someone probably has written a script but I
wouldn't know where to find it.

> > I am happy to post my tables script and you can use that as the basis
> > of yours if you like.
>
> Thank you, that would be great.

No worries. Mine was based heavily on MonMotha's firewall script,
modified to suit my purposes and needs. - You will need to edit it as
well but that should be trivial. 2 network cards, place the IP
addresses of your clients to access the net in the ALLOWED_INET_CLIENTS
variable and your LAN_IP range, set your network interfaces and
comment out the port forwarding stuff.

This script supports ingress and egress filtering. It will drop any
packets from or to the Internet with private IP addresses. Only open
the holes you need and you will be safer.
This script is a little slow for me to load because of all the
modprobes at the start. As soon as I got it working I dropped work on
it and never got back to tidy it up.

But it should give you an idea on what you can do.

Adrian

-- 
24x7x365 != 24x7x52 Stupid or bad maths?
<erno> hm. I've lost a machine.. literally _lost_. it responds to
ping, it works completely, I just can't figure out where in my
apartment it is.

Attachment: firewall.nat
Description: Binary data
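The ingress/egress filtering Adrian describes (dropping Internet-side packets that carry private addresses, and forwarding only the listed LAN clients), as an added example that is not the attached firewall.nat script. Interface names (eth0/eth1), the LAN range and the client list are placeholder assumptions; set IPT=echo to print the rules instead of loading them.

```shell
#!/bin/sh
# Added example of iptables ingress/egress (bogon) filtering; not Adrian's script.
IPT="${IPT:-iptables}"                 # set IPT=echo for a dry run without root
WAN_IF="${WAN_IF:-eth0}"               # assumption: interface facing the Internet
LAN_IF="${LAN_IF:-eth1}"               # assumption: interface facing the LAN
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumption: LAN address range
ALLOWED_INET_CLIENTS="${ALLOWED_INET_CLIENTS:-192.168.1.10 192.168.1.11}"
# RFC 1918 ranges plus loopback: these must never appear on the Internet side.
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8"

bogon_rules() {
    for net in $PRIVATE_NETS; do
        # Ingress: a private source arriving on the WAN interface is spoofed.
        $IPT -A INPUT   -i "$WAN_IF" -s "$net" -j DROP
        $IPT -A FORWARD -i "$WAN_IF" -s "$net" -j DROP
        # Egress: never send traffic for a private destination out to the Internet.
        # (Sources are not filtered here: LAN sources are still private in FORWARD
        # and only get rewritten by MASQUERADE in POSTROUTING afterwards.)
        $IPT -A OUTPUT  -o "$WAN_IF" -d "$net" -j DROP
        $IPT -A FORWARD -o "$WAN_IF" -d "$net" -j DROP
    done
}

forward_rules() {
    # Replies to LAN-initiated connections come back via connection tracking.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only the listed clients may be forwarded to the Internet; everything else is dropped.
    for client in $ALLOWED_INET_CLIENTS; do
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$client" -j ACCEPT
    done
    $IPT -A FORWARD -j DROP
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

build_firewall() {
    # Default-deny for traffic to and through the firewall; bogon rules go first.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    bogon_rules
    forward_rules
}
```

Loading the rules for real requires root; the Adrian-style script would additionally modprobe the needed netfilter modules and add its own INPUT rules for services on the firewall itself.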

