correct set-up on a router...
I have a router connected to the internet 24/7 and am setting up a
router/firewall for a department of mathematics:
(maths cloud) --- [router/firewall] --- internet
The routing works and DNS works, but the firewall does not. If I run the
configuration script (included), the SSH session to the router stops
responding after about a minute (until a cron job resets the firewall
to an open one).
I have been trying with no success for a while now.
Any ideas about what I have done wrong?
vladimir
PS: the configuration script follows (the IP network string for allowing SSH to
the router has been changed to <allowed-network>).
#!/bin/sh
# maths router: netfilter setup
# flush the rules
iptables -F
# drop all input packets by default
iptables -P INPUT DROP
# drop all forward packets by default
iptables -P FORWARD DROP
# loopback:
iptables -A INPUT -i lo -j ACCEPT
# eth0 (the maths side)
# to be changed
iptables -A INPUT -i eth0 -j ACCEPT
# eth1 (the internet side):
iptables -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# router daemons
iptables -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 346 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 2600 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 2601 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 2604 -j ACCEPT
# ssh (all interfaces)
iptables -A INPUT -s <allowed-network>/16 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -s <allowed-network>/16 -p udp -m state --state NEW -m udp --dport 22 -j ACCEPT
# forward (routing)
# accept what was already accepted
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# ssh
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A FORWARD -p udp -m state --state NEW -m udp --dport 22 -j ACCEPT
# http
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p udp -m state --state NEW -m udp --dport 80 -j ACCEPT
# https
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -m state --state NEW -m udp --dport 443 -j ACCEPT
# smtp
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
# smtp over ssl
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
# jet direct
iptables -A FORWARD -p tcp -m state --state NEW -m tcp --dport 9100 -j ACCEPT
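An added example, not the poster's script and not part of this thread: the same policy written as an iptables-restore ruleset, loaded atomically and with a timed rollback so that a mistake cannot lock the administrator out the way the post describes (the cron job that reopens the firewall is doing this job by hand). It does not claim to diagnose why the poster's session dies. The interface names eth0/eth1 and the daemon and service ports are taken from the post; everything else is my choice and labelled in the comments: the admin network is a parameter (192.0.2.0/24 is a placeholder), the match is `-m conntrack --ctstate` rather than the older `-m state`, the SSH rule is TCP only, new forwarded connections are accepted only from eth0 towards eth1, and outbound DNS is forwarded. The rollback helper needs root and a Linux box with iptables; the rule generator runs anywhere.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: eth0 = department side,
# eth1 = internet side (both from the post); admin network given as $1 in CIDR
# form; 192.0.2.0/24 used below is a placeholder, not a real address.

# Print a complete iptables-restore ruleset for the filter table.
# iptables-restore replaces the whole table in one commit, so there is no
# window in which the policy is already DROP but the ESTABLISHED rule is
# not yet loaded, as there is when rules are added one iptables call at a time.
gen_rules() {
    admin_net="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to accepted traffic first, on every interface, so an existing
# admin session keeps working whichever side it arrived on.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
# Routing daemon ports as listed in the post (my choice to use multiport).
-A INPUT -i eth1 -p tcp -m conntrack --ctstate NEW -m multiport --dports 346,2600,2601,2604 -j ACCEPT
# SSH is TCP only, so no UDP/22 rule.
-A INPUT -s ${admin_net} -p tcp -m conntrack --ctstate NEW --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# New connections are only allowed from the department side out to the internet.
-A FORWARD -i eth0 -o eth1 -p tcp -m conntrack --ctstate NEW -m multiport --dports 22,25,80,443,465,9100 -j ACCEPT
# Outbound DNS (my addition; only needed if department hosts query external resolvers).
-A FORWARD -i eth0 -o eth1 -p udp --dport 53 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Apply the generated rules with a safety net: the current ruleset is saved
# first and restored automatically after $2 seconds (default 90) unless the
# administrator confirms by deleting the saved file. Prints the saved file's path.
apply_with_rollback() {
    admin_net="$1"
    secs="${2:-90}"
    saved=$(mktemp) || return 1
    iptables-save > "$saved" || return 1
    # Parse-only pass catches syntax errors before anything is committed.
    gen_rules "$admin_net" | iptables-restore --test || { rm -f "$saved"; return 1; }
    gen_rules "$admin_net" | iptables-restore || { rm -f "$saved"; return 1; }
    (
        sleep "$secs"
        # Still present: nobody confirmed from a working session, so revert.
        [ -e "$saved" ] && iptables-restore < "$saved"
    ) &
    echo "$saved"
}

# Run from the admin session once the new rules are confirmed to work.
confirm_rules() {
    rm -f "$1"
}

# Usage: ./fw.sh apply 192.0.2.0/24   (then: ./fw.sh confirm /tmp/tmp.XXXX)
case "${1:-}" in
    apply)   apply_with_rollback "$2" "${3:-90}" ;;
    confirm) confirm_rules "$2" ;;
    show)    gen_rules "${2:-192.0.2.0/24}" ;;
esac
```

Two points worth checking against any version of this script: `iptables-restore` only touches the tables named in the file, so nat and mangle are left alone, and the ESTABLISHED rule deliberately sits above the interface rules so it does not depend on which side the admin connects from. Exposing the routing daemons' ports on the internet interface is carried over from the post unchanged; whether they need to be reachable from outside at all is a separate question the department should answer.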