[iptables] rules between subnets
Hello,
Since 1999 I had been using SLINK with Linux 2.0.38 and ipfwadm on my
router. I am now switching to WOODY with Linux 2.4.(22|23) and
iptables because of my Thomson SpeedTouch 330 USB ADSL modem.
I have the following interfaces:
ppp0   ADSL wanadoo.fr
eth0   192.168.1.0/26    publicnet   web server, access server, DNS, ...
eth1   192.168.1.64/25   privatenet  my workstations, SQL server, file server
eth2   192.168.1.96/26   securenet   the office of my old employer... :-)
eth3   192.168.1.112/27  cybernet    my CyberCenter
eth4   192.168.1.128/25  wavenet     my Lucent ORINOCO COR 1100
OK, I have installed the Debian base system, compiled a new kernel for the
router with all the netfilter modules I could find in the sources, and
installed my SpeedTouch backport from SID; it is configured and it works.
Now:
adsl:~ > iptables -vL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
OK , next step: I have masqueraded my subnets with:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
Great, all five Subnets can access the Internet...
Now I would like to do the following:
DENY anything in all directions on the router (!!!) and ACCEPT
only:
ppp0 --> eth0 eth3 eth4
eth* --> ppp0
eth0 --> eth4
eth1 --> eth0 eth2 eth3 eth4
eth2 --> eth0 eth3 eth4
eth3 --> eth0 eth4
eth4 --> eth0 eth3
With Linux 2.0.38 and ipfwadm it was easy, but iptables ???
I thought it would work like this:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A FORWARD -o ppp0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth4 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth2 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth4 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth3 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth4 -j ACCEPT
iptables -A FORWARD -i eth3 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth3 -o eth4 -j ACCEPT
iptables -A FORWARD -i eth4 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth4 -o eth3 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth3 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth4 -j ACCEPT
And I must note that eth3 has its own firewall, because in that
subnet I have a web/nfs server and the workstations...
Hmmm, it does not work...
The next step is that I have a virtual web server at 192.168.1.14/26
which must be accessible, and then the file server with its courier-imap
and the webmail on 192.168.1.68/27.
How can I do it?
For now I have cleared all the rules, and I can access the Internet
again... I was on <http://netfilter.org/> but I do not
understand it very well...
Is there an iptables guru who can help?
Greetings
Michelle
--
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org.
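The ruleset in the post fails for one reason: with both policies set to DROP and only "new connection" rules in FORWARD, the reply packets of every allowed connection come back through a pair of interfaces that no rule permits (for example ppp0 --> eth1), so they are dropped. With netfilter the fix is to let connection tracking accept ESTABLISHED/RELATED traffic first and then only permit NEW connections per interface pair. The script below is an added example, not code from the post or from netfilter.org: it implements the post's interface matrix with stateful rules, adds the DNAT (port forwarding) for the virtual web server and the courier-imap/webmail server, and keeps the MASQUERADE rule. Assumptions not stated in the post: the router itself may originate traffic (OUTPUT stays ACCEPT), the servers listen on the standard ports (80 for the web server; 143, 993 and 443 for IMAP/webmail), and the hostile direction is ppp0 only. Note that "ppp0 --> eth0" as written in the post already lets the Internet open any connection into publicnet, so the web server rule is only there for symmetry with the mail server, which sits on eth1 where ppp0 is otherwise not allowed.

```shell
#!/bin/sh
# Added example (not from the original post): stateful iptables ruleset for
# the six-interface router described above, plus port forwarding to the two
# internal servers. Assumptions (not stated in the post): OUTPUT stays ACCEPT,
# the servers use standard ports, and the addresses are the ones the post gives.
#
#   sh fw.sh show    print the rules (DRY_RUN) without touching the kernel
#   sh fw.sh apply   load them (needs root)

WAN=ppp0
WEB_SERVER=192.168.1.14     # virtual web server on eth0 (publicnet)
MAIL_SERVER=192.168.1.68    # courier-imap / webmail on eth1 (privatenet)

# Allowed "in:out" interface pairs, straight from the post's matrix.
# "eth* --> ppp0" is a single wildcard rule below, so it is not listed here.
PAIRS="ppp0:eth0 ppp0:eth3 ppp0:eth4
       eth0:eth4
       eth1:eth0 eth1:eth2 eth1:eth3 eth1:eth4
       eth2:eth0 eth2:eth3 eth2:eth4
       eth3:eth0 eth3:eth4
       eth4:eth0 eth4:eth3"

# Run iptables, or just print the command when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

apply_firewall() {
    # Start from an empty table set.
    ipt -F
    ipt -X
    ipt -t nat -F

    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT    # assumption: the router may talk out by itself

    # This is what the post's ruleset lacks: replies to a connection that an
    # ACCEPT rule opened must be let back through (conntrack, ipt_state module
    # on 2.4), otherwise the DROP policies eat every answer packet.
    ipt -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT   -m state --state INVALID -j DROP
    ipt -A FORWARD -m state --state INVALID -j DROP

    # The router needs its loopback interface for local services.
    ipt -A INPUT -i lo -j ACCEPT

    # Every LAN segment may open connections towards the Internet
    # ("eth* --> ppp0"); eth+ is the iptables wildcard for eth0..eth4.
    ipt -A FORWARD -i eth+ -o "$WAN" -m state --state NEW -j ACCEPT

    # Subnet-to-subnet policy: only the listed pairs may open connections.
    # Everything else (e.g. eth0 --> eth1) falls through to the DROP policy.
    for pair in $PAIRS; do
        ipt -A FORWARD -i "${pair%%:*}" -o "${pair##*:}" -m state --state NEW -j ACCEPT
    done

    # Port forwarding from the ADSL side. DNAT happens in PREROUTING, before
    # the FORWARD chain sees the packet, so the FORWARD rule must match the
    # internal address. The mail server sits on eth1, which ppp0 may not reach
    # in general, so its FORWARD rules are the only way in for those ports.
    ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport 80 -j DNAT --to-destination "$WEB_SERVER"
    ipt -A FORWARD -i "$WAN" -p tcp -d "$WEB_SERVER" --dport 80 -m state --state NEW -j ACCEPT
    for port in 143 993 443; do
        ipt -t nat -A PREROUTING -i "$WAN" -p tcp --dport "$port" -j DNAT --to-destination "$MAIL_SERVER"
        ipt -A FORWARD -i "$WAN" -p tcp -d "$MAIL_SERVER" --dport "$port" -m state --state NEW -j ACCEPT
    done

    # Masquerade everything leaving on the ADSL link, as in the post.
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE

    if [ "${DRY_RUN:-0}" != 1 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

case "${1:-}" in
    show)  DRY_RUN=1; apply_firewall ;;
    apply) apply_firewall ;;
esac
```

After loading, check the result with `iptables -L -v -n` and `iptables -t nat -L -v -n`; the packet counters on the ESTABLISHED,RELATED rule should climb as soon as a workstation opens a connection, and a connection attempted in a direction missing from the matrix (eth0 --> eth1, for instance) should show up only in the FORWARD policy counter.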