Iptables newbie
Hello,
As a newbie to iptables I have some problems. I have a DSL router which
is also my firewall. In my LAN I want to host a game (e.g. MegaMek).
This game needs port 2346. So I thought the script I appended below
should work. The next thing is that my firewall didn't log the messages.
I get no message from the firewall if somebody wants to connect to my
server and he is rejected. UDP messages or ICMP messages or other TCP
messages are logged. I run woody with a 2.4 kernel; same goes for the LAN
machines.
Thanks in advance,
Christian
The script:
#!/bin/bash
UPLINK="ppp0"
INTERFACES="lo ppp0 eth1"
# default policy: drop everything addressed to the router itself
iptables -P INPUT DROP
# accept anything that does not arrive on the uplink (old "-i !" negation syntax)
iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# game port, accepted into INPUT (i.e. delivered to the router itself, not forwarded)
iptables -A INPUT -p tcp --dport 2346 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -o ${UPLINK} -m state --state NEW,ESTABLISHED -j ACCEPT
# disable ECN, which some remote hosts of that era could not handle
if [ -e /proc/sys/net/ipv4/tcp_ecn ]
then
echo 0 > /proc/sys/net/ipv4/tcp_ecn
fi
# reverse-path filtering on every interface
for x in ${INTERFACES}
do
echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
done
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ${UPLINK} -j MASQUERADE
# log what is left before rejecting it
iptables -A INPUT -i ${UPLINK} -p tcp -j LOG --log-prefix "IPTABLES TCP-IN: "
iptables -A OUTPUT -o ${UPLINK} -p tcp -j LOG --log-prefix "IPTABLES TCP-OUT: "
iptables -A INPUT -i ${UPLINK} -j LOG --log-prefix "IPTABLES PROTOCOL-X-IN: "
iptables -A OUTPUT -o ${UPLINK} -j LOG --log-prefix "IPTABLES PROTOCOL-X-OUT: "
iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable
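The script above accepts port 2346 into the INPUT chain, which delivers the connection to the router itself; a server on a LAN machine is never reached that way, and a connection the router's own TCP stack refuses does not pass through the LOG rules, since iptables already accepted it. Reaching a LAN host needs a DNAT rule in the nat PREROUTING chain plus a matching FORWARD rule, and a rule that is meant to log rejects must sit in front of the REJECT rule. The script below is an added example, not the poster's script: it assumes hypothetical values (game server 192.168.1.10 on eth1, uplink ppp0, TCP port 2346) and prints the rules by default so they can be inspected without root; "apply" executes them.

```shell
#!/bin/sh
# Added example, not from the original post. Router firewall that forwards a
# game port to a LAN host and logs (rate limited) before rejecting.
# Constructed/assumed values; override via environment if needed.
UPLINK=${UPLINK:-ppp0}
LAN_IF=${LAN_IF:-eth1}
GAME_HOST=${GAME_HOST:-192.168.1.10}   # constructed LAN address of the game server
GAME_PORT=${GAME_PORT:-2346}
LOG_LIMIT="-m limit --limit 5/min --limit-burst 10"   # keep a port scan from flooding syslog

# rules: emit the configuration as shell commands, one per line (dry run).
rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/$UPLINK/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/$LAN_IF/rp_filter
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# traffic to the router itself: loopback, the LAN, and replies to its own connections
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN_IF -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DNAT rewrites the destination before routing; FORWARD must then allow the rewritten packet
iptables -t nat -A PREROUTING -i $UPLINK -p tcp --dport $GAME_PORT -j DNAT --to-destination $GAME_HOST:$GAME_PORT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $UPLINK -j ACCEPT
iptables -A FORWARD -i $UPLINK -o $LAN_IF -p tcp -d $GAME_HOST --dport $GAME_PORT -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $UPLINK -j MASQUERADE
# log first, reject afterwards: only packets that reach these rules are refused
iptables -A INPUT -i $UPLINK -p tcp $LOG_LIMIT -j LOG --log-prefix "IPTABLES TCP-IN: "
iptables -A INPUT -i $UPLINK -p udp $LOG_LIMIT -j LOG --log-prefix "IPTABLES UDP-IN: "
iptables -A INPUT -i $UPLINK $LOG_LIMIT -j LOG --log-prefix "IPTABLES PROTO-IN: "
iptables -A FORWARD -i $UPLINK $LOG_LIMIT -j LOG --log-prefix "IPTABLES FWD-IN: "
iptables -A INPUT -i $UPLINK -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -i $UPLINK -p udp -j REJECT --reject-with icmp-port-unreachable
EOF
}

# log_before_reject: succeed only if the first INPUT LOG rule precedes the
# first INPUT REJECT rule in the generated list (ordering self-check).
log_before_reject() {
    lg=$(rules | grep -n -- '-A INPUT .* -j LOG' | head -n 1 | cut -d: -f1)
    rj=$(rules | grep -n -- '-A INPUT .* -j REJECT' | head -n 1 | cut -d: -f1)
    [ -n "$lg" ] && [ -n "$rj" ] && [ "$lg" -lt "$rj" ]
}

# apply_rules: execute the generated commands (needs root on the router).
apply_rules() {
    log_before_reject || { echo "refusing to apply: LOG rule not before REJECT" >&2; return 1; }
    rules | sh -e
}

case "${1:-}" in
    apply) apply_rules ;;
    *) rules ;;
esac
```

Run it without arguments to review the rule set; `sh script.sh apply` installs it. The DNAT target only changes the destination of the first packet of a connection; conntrack handles the reverse direction, which is why the FORWARD chain accepts ESTABLISHED,RELATED before the per-port rule.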