
help building nat/firewall script



I'm trying to build a relatively simple firewall/nat script for my
computer.  Right now, I want two computers in my house to share a ppp
connection.  But mainly, I want to have a good, secure firewall working
when I go back to school and will have the same setup with a cablemodem.

In previous semesters, I ran an ipchains firewall for my cablemodem.  But
the masquerading/firewall script, I just searched the 'net until I
found one that looked appropriate for me, made a few changes, and deployed
it.  Now that I've upgraded to kernel 2.4 and need an iptables script, I
would like to actually know what's going on with my firewall (rather than
just accepting someone's pre-made one on blind faith :)

So I read some introductory tutorials, and looked at some sample iptables
scripts, and tried to create my own.  It doesn't work as I hoped it would
(or I wouldn't be posting to the list!).  I basically just cut'n'pasted
bits that seemed appropriate from other folks' firewall scripts.  Although
I understand the iptables commands' syntax, and what they are *supposed*
to do, I'm not completely sure what the underlying implications are.

So if anyone is interested in helping me build a solid, secure-as-possible
firewall, my "work in progress" is here:

	http://www.students.uiuc.edu/~garman/firewall.txt

Right now, if I run this script on my machine with an established ppp
connection, I can use *my computer* normally (i.e., all of my internet
functionality is there), but I cannot communicate with the other computer
on my LAN (can't ping it, it can't ping me, and obviously it can't use my
dialup connection).

If anyone can help out, it would be sincerely appreciated!

Thanks,
Matt

-- 
Matt Garman, garman@uiuc.edu
"I'll tip my hat to the new constitution, Take a bow for the new revolution
 Smile and grin at the change all around, Pick up my guitar and play
 Just like yesterday, Then I'll get on my knees and pray..."
            -- Pete Townshend/The Who, "Won't Get Fooled Again"


