ipmasq package ruleset
ipmasq seems to have solved my NAT and firewall issues. I have a small
network which just got upgraded to DSL. The firewall ruleset (shown by
iptables -L and iptables -t nat -L) seems to have been installed with the
ipmasq package. See output below.
Is this ruleset sufficient? Any improvements to be made for a generic non-industrial firewall?
Many thanks,
Joe.
Please cc me as I am not on the list.
ssp2:/home/mrg# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  127.0.0.0/8          anywhere             LOG level warning
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  localnet/24          anywhere
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
LOG        all  --  localnet/24          anywhere             LOG level warning
DROP       all  --  localnet/24          anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             10.0.0.3
ACCEPT     all  --  anywhere             10.255.255.255
LOG        all  --  anywhere             anywhere             LOG level warning
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  localnet/24          anywhere
ACCEPT     all  --  anywhere             localnet/24
LOG        all  --  anywhere             localnet/24          LOG level warning
DROP       all  --  anywhere             localnet/24
LOG        all  --  anywhere             anywhere             LOG level warning
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  anywhere             localnet/24
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
LOG        all  --  anywhere             localnet/24          LOG level warning
DROP       all  --  anywhere             localnet/24
ACCEPT     all  --  anywhere             255.255.255.255
ACCEPT     all  --  10.0.0.3             anywhere
ACCEPT     all  --  10.255.255.255       anywhere
LOG        all  --  anywhere             anywhere             LOG level warning
DROP       all  --  anywhere             anywhere

ssp2:/home/mrg# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  localnet/24          anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ssp2:/home/mrg# uname -a
Linux ssp2 2.4.13-586-ext3 #1 Die Nov 6 00:09:32 CET 2001 i686 unknown
ssp2:/home/mrg# lsmod
Module                  Size  Used by    Tainted: P
usb-uhci               20804   0  (unused)
usbcore                48160   0  [usb-uhci]
ide-scsi                7552   0
lp                      5152   0  (autoclean)
ipt_MASQUERADE          1216   1  (autoclean)
ipt_LOG                 3168   7  (autoclean)
iptable_mangle          1728   0  (autoclean) (unused)
iptable_filter          1728   0  (autoclean) (unused)
iptable_nat            12788   0  [ipt_MASQUERADE]
ip_conntrack           12940   1  [ipt_MASQUERADE iptable_nat]
ip_tables              10432   7  [ipt_MASQUERADE ipt_LOG iptable_mangle iptable_filter iptable_nat]
sg                     26788   0  (unused)
parport_pc             23400   1  (autoclean)
ppscsi                 11264   0
parport                23360   1  [lp parport_pc ppscsi]
scsi_mod               84536   2  [ide-scsi sg ppscsi]
3c59x                  24584   2
nfs                    68988   2
lockd                  46816   1  [nfs]
sunrpc                 58356   1  [nfs lockd]
linear                  1344   0  (unused)
md                     43360   0  [linear]
ide-floppy             11136   0
rtc                     5432   0  (autoclean)
unix                   13700  16  (autoclean)
ide-disk                6624   2  (autoclean)
ide-probe-mod           8112   0  (autoclean)
ide-mod               131244   2  (autoclean) [ide-scsi ide-floppy ide-disk ide-probe-mod]
Joe Golden
The Stevens School of Peacham
thestevensschoolofpeacham.com
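Two things a reviewer needs before judging the ruleset above are missing from the listing itself: `iptables -L` without `-v` omits the in/out interface columns, so the `ACCEPT all -- anywhere anywhere` rule at the top of INPUT and OUTPUT cannot be told apart from an interface-bound rule such as `-i lo` in this output, and no rule in the listing carries a `state` match (and ipt_state is not among the loaded modules), so every chain is stateless and FORWARD simply accepts everything addressed to localnet/24. The script below is an added example, not part of Joe's post and not the ipmasq package's own ruleset: it shows the verbose listing to run on the box, and a minimal stateful alternative for the same 2.4 kernel that binds rules to interfaces, drops spoofed LAN sources arriving on the DSL link, and lets only tracked replies back into the LAN. The interface names `ppp0` and `eth0`, the LAN prefix 10.0.0.0/24 (standing in for "localnet/24") and an OUTPUT policy of ACCEPT are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or the ipmasq package):
# a small stateful NAT gateway ruleset for a 2.4 kernel with
# iptables + ip_conntrack, plus the inspection commands that show what
# a bare "iptables -L" hides (interfaces, counters, rule numbers).
# Interface names, LAN prefix and OUTPUT policy are assumptions.

EXT_IF="${EXT_IF:-ppp0}"      # assumed: the DSL link
INT_IF="${INT_IF:-eth0}"      # assumed: the LAN side
LAN="${LAN:-10.0.0.0/24}"     # assumed: what "localnet/24" resolves to
IPT="${IPT:-iptables}"        # set IPT=echo to print the rules instead of loading them

# Every rule goes through one function so a dry run is faithful.
rule() { "$IPT" "$@"; }

flush_all() {
    rule -F; rule -X; rule -t nat -F; rule -t nat -X
    rule -P INPUT DROP; rule -P FORWARD DROP
    rule -P OUTPUT ACCEPT   # assumption: the gateway's own outbound traffic is trusted
}

# Anti-spoofing: packets arriving on the DSL link that claim a LAN or
# loopback source are dropped before any ACCEPT rule can match them.
antispoof() {
    rule -A INPUT   -i "$EXT_IF" -s "$LAN"      -j DROP
    rule -A INPUT   -i "$EXT_IF" -s 127.0.0.0/8 -j DROP
    rule -A FORWARD -i "$EXT_IF" -s "$LAN"      -j DROP
}

# Host rules: loopback, replies to connections the gateway opened, and the LAN.
# Everything else is rate-limited to the log and then hits the DROP policy.
input_rules() {
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule -A INPUT -i "$INT_IF" -s "$LAN" -j ACCEPT
    rule -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "
}

# Forwarding: the LAN may open connections outward; only tracked replies return.
forward_rules() {
    rule -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN" -j ACCEPT
    rule -A FORWARD -i "$EXT_IF" -o "$INT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FORWARD drop: "
}

# Masquerade only traffic that really comes from the LAN and leaves via DSL.
nat_rules() {
    rule -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN" -j MASQUERADE
}

apply_rules() {
    flush_all; antispoof; input_rules; forward_rules; nat_rules
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# -v adds in/out interfaces and packet counters, -n skips DNS lookups,
# --line-numbers gives positions for "iptables -D CHAIN n" / "-I CHAIN n".
show_rules() {
    "$IPT" -L -v -n --line-numbers
    "$IPT" -t nat -L -v -n --line-numbers
}

case "${1:-}" in
    --apply) apply_rules ;;
    --show)  show_rules ;;
esac
```

Run `sh gateway.sh --show` first to see the interface columns the posted listing lacks, then `IPT=echo sh gateway.sh --apply` to review the rules it would load; `-m state` and `-m limit` need the ipt_state and ipt_limit modules, which iptables loads on demand on a 2.4 kernel.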