
RE: Firewall help



Try with this script ...


#!/bin/sh

IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe

# Note: this script treats eth1 as the internet-facing interface and eth0
# as the LAN side (the reverse of the interface assignment in the question).

#  forwarding

echo "1" > /proc/sys/net/ipv4/ip_forward

$MODPROBE ip_tables
$MODPROBE ip_conntrack
$MODPROBE iptable_filter
$MODPROBE iptable_nat
$MODPROBE iptable_mangle
$MODPROBE ipt_LOG
$MODPROBE ipt_limit
$MODPROBE ipt_state

# flush all rules, delete user-defined chains, zero the counters
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z

#===========================================================================#
# default policies: drop everything not explicitly allowed
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

#===========================================================================#
# loopback
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

#===========================================================================#
# eth1 side is fully open; eth0 side is state-matched
# ("-m --state" is a syntax error: the match name "state" must be given)
$IPTABLES -A OUTPUT -o eth1 -j ACCEPT
$IPTABLES -A INPUT -i eth1 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

#===========================================================================#
# forwarding between the two interfaces
$IPTABLES -A FORWARD -i eth0 -o eth1 -j ACCEPT
$IPTABLES -A FORWARD -o eth0 -i eth1 -j ACCEPT

#===========================================================================#
# masquerade traffic leaving on eth1
$IPTABLES -t nat -A POSTROUTING -o eth1 -j MASQUERADE

-----Original Message-----
From: Henk.Roose@cwi.nl [mailto:Henk.Roose@cwi.nl]
Sent: Tuesday 5 April 2005 13:02
To: Suranga Kasturiarachchi
Cc: debian-firewall@lists.debian.org
Subject: Re: Firewall help


Suranga Kasturiarachchi wrote:

> Dear all,
>
> My Linux box has two interfaces (eth0 and eth1). eth0 is connected to the
> internet, eth1 is connected to the local LAN. The interfaces are using
> different IPs. What I want to do is, when the local LAN users request the
> internet, I need to resolve their requests using iptables. I need to do it
> without using a squid proxy. My internet gateway is 202.51.140.129 (eth0)
> and the local LAN is the 192.168.1.0 range.
>
> Please help me on this matter.

The simplest (though not the safest) way to do this:

echo 1 > /proc/sys/net/ipv4/ip_forward

modprobe iptable_nat

iptables --flush
iptables -t nat --flush
iptables -t mangle --flush

iptables --delete-chain
iptables -t nat --delete-chain
iptables -t mangle --delete-chain

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


>
> thanks,
>
> suranga
>

Henk

--
Henk Roose <Henk.Roose@cwi.nl>
CWI - Centrum voor Wiskunde en Informatica
Centre for Mathematics and Computer Science
Amsterdam (NL)
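As an added example (not from either poster), here is a generator for an `iptables-restore` ruleset for the topology in the question (eth0 to the internet, eth1 to the 192.168.1.0/24 LAN) that keeps Henk's MASQUERADE approach but closes the gaps of his ACCEPT-everything policies: default DROP on INPUT and FORWARD, state matching via the `ipt_state` module loaded by the first script, and a rule that drops packets with LAN source addresses arriving on the internet side. The function only prints the ruleset; loading it with `iptables-restore` requires root and is left to the operator.

```shell
#!/bin/sh
# Print an iptables-restore ruleset for a two-interface NAT gateway.
# Arguments: WAN interface, LAN interface, LAN prefix (constructed example
# values: eth0 eth1 192.168.1.0/24). Lines starting with '#' are comments
# to iptables-restore.
gen_ruleset() {
    wan="$1"      # internet-facing interface
    lan="$2"      # LAN-facing interface
    lan_net="$3"  # LAN prefix in CIDR notation

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# rewrite only traffic that really comes from the LAN prefix
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# the gateway itself accepts new connections only from the LAN side
-A INPUT -i $lan -s $lan_net -j ACCEPT
# anti-spoofing: LAN addresses must never arrive on the internet side
-A FORWARD -i $wan -s $lan_net -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# new connections may only be opened from the LAN towards the internet
-A FORWARD -i $lan -o $wan -s $lan_net -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Usage (as root): sh gateway.sh eth0 eth1 192.168.1.0/24 | iptables-restore
if [ "$#" -eq 3 ]; then
    gen_ruleset "$@"
fi
```

Replies from the internet reach LAN hosts only through the ESTABLISHED,RELATED rule, so nothing outside can open a connection inward through the gateway.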

