
Re: using apt through firewall ... (what am i missing ?...)



Thank You ! ... it worked just fine.

But I am missing the last DROP rule; is this ok at the
end of my script?

iptables -A INPUT -j DROP

Blessings...

Carlos.

--- Tarragon Allen <tarragon@onthe.net.au> wrote:
> On Monday 18 August 2003 14:38, CaRLoS mOGUeL wrote:
> > Blessings All...
> >
> > I'm trying to set up my Home-LAN Firewall... but I
> > can't apt-get... what am I missing? I just need the
> > masquerading and ssh connection only from my LAN.
> >
> > Advice?... opinions?
> 
> > # Input, Forward and Output...
> > iptables -P INPUT DROP
> > iptables -P FORWARD DROP
> > iptables -P OUTPUT ACCEPT
> 
> First things first, as a general rule I don't use
> DROP policy on the INPUT or OUTPUT chains, for the
> sole reason that an accidental 'iptables -F' at the
> wrong time can kill your access to the machine.
> Better to leave the policy as ACCEPT and put a DROP
> rule at the end of your rules instead.
> 
> > # Input States...
> > iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
> 
> Drop the "-p tcp". You want to allow other related
> protocols back in, such as icmp.
> 
> > # Accepting the LoopBack...
> > iptables -A INPUT -p tcp -i lo -j ACCEPT
> >
> > # Accepting SSH from the LAN... for admin things.
> > iptables -A INPUT -p tcp --dport 22 -i $LAN_INTERFACE -j ACCEPT
> 
> Looks ok.
> 
> > # Forwarding States...
> > # Accepting Forwarding to Related and Established
> > # States...apt should work here, right ?.
> > iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
> 
> Drop the "-p tcp".
> 
> > # Accepting Forwarding from the LAN...
> > iptables -A FORWARD -p tcp -s $LAN_IP_ADDRESS -j ACCEPT
> 
> You should add "-m state --state NEW" to this line,
> and also drop the "-p tcp".
> 
> > # Masquerading the LAN...
> > iptables -t nat -A POSTROUTING -s $LAN_IP_ADDRESS -j MASQUERADE
> 
> I think you may need to specify the output
> interface, i.e. '-o ppp0', otherwise netfilter
> won't know what IP address to masquerade the
> connection as.
> 
> Hope this helps.
> 
> t
> -- 
> GPG: http://n12turbo.com/tarragon/public.key
> 
> 
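Carlos's script with every change from the quoted reply applied (state rules without "-p tcp", "--state NEW" on the LAN forwarding rule, "-o" on the MASQUERADE rule, ACCEPT policy on INPUT/OUTPUT with a DROP rule at the end of INPUT), written out as an added example for this archive page; it is not code posted by either participant. The rules are emitted by a function rather than run directly, so the ordering can be checked before anything is loaded. `LAN_INTERFACE`, `LAN_IP_ADDRESS` and `WAN_INTERFACE` hold placeholder values here, and the check functions are additions of this example, not part of the thread.

```shell
#!/bin/sh
# Added example (not from the original thread). Placeholder values: set them
# for your own LAN before loading with APPLY=1.
LAN_INTERFACE="${LAN_INTERFACE:-eth1}"             # LAN-facing interface
LAN_IP_ADDRESS="${LAN_IP_ADDRESS:-192.168.1.0/24}" # LAN network
WAN_INTERFACE="${WAN_INTERFACE:-ppp0}"             # upstream interface ('-o ppp0' in the reply)

# Print the full rule set, one iptables command per line, without running it.
firewall_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -i $LAN_INTERFACE -j ACCEPT
iptables -A INPUT -j DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $LAN_IP_ADDRESS -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_IP_ADDRESS -o $WAN_INTERFACE -j MASQUERADE
EOF
}
# Notes on the rules above:
# - INPUT/OUTPUT policy is ACCEPT, so the "-F" at the top cannot lock you out;
#   the catch-all "iptables -A INPUT -j DROP" does the blocking and must be the
#   last INPUT rule appended, after every ACCEPT rule.
# - FORWARD keeps the DROP policy from the original script, so it needs no
#   trailing DROP rule.
# - The state rules carry no "-p tcp", so related ICMP (e.g. errors for an
#   apt download) is let back in.

# Succeeds when the catch-all DROP is the last rule appended to INPUT.
input_drop_is_last() {
    last=$(firewall_rules | grep '^iptables -A INPUT ' | tail -n 1)
    [ "$last" = "iptables -A INPUT -j DROP" ]
}

# Succeeds when no RELATED,ESTABLISHED rule is restricted to TCP.
state_rules_are_protocol_agnostic() {
    ! firewall_rules | grep -q -- '-p tcp.*--state RELATED,ESTABLISHED'
}

# Succeeds when the MASQUERADE rule names its output interface.
masquerade_has_out_interface() {
    firewall_rules | grep -- '-j MASQUERADE' | grep -q -- "-o $WAN_INTERFACE"
}

if [ "${APPLY:-0}" = 1 ]; then
    firewall_rules | sh -e   # load the rules (needs root)
else
    firewall_rules           # dry run: only show what would be loaded
fi
```

Run it without arguments to see the rule list; `APPLY=1 sh firewall.sh` loads it. Because the policies stay ACCEPT, an `iptables -F` leaves the box reachable but also unfiltered, which is exactly the trade-off described in the reply, so the rules should be reloaded promptly after any flush.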




