
Re: problema regole iptables firewall di una lan



ora dopo lunghe peripezie sembra funzionare a dovere; spero di non
aver fatto errori grossolani ma la rete va come volevo (pingo ed esco
con il gateway .254) tranne per la connessione ftp (porta 21) dai
client (nel range) all'esterno: mi fa fare il login, ma quando
lancio dir sul server remoto non mi ritorna nulla e mi dà l'errore
"only accept connection to 145.10.168.1"

script iptables............................................

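#!/bin/bash
#
# Gateway setup: bridge eth0+eth1 into br0 (the upstream side), then
# load the iptables rule set.  Must run as root.  Sections keep the
# original order: bridge, variables, flush, default policies, rules,
# NAT, and finally ip_forward -- enabled last so nothing is forwarded
# before the filter rules are in place.
#
# The original posting had lines wrapped by the mail client (variable
# assignments and iptables commands split over two lines); every
# command below is on one logical line again.
set -u

if [[ "$(id -u)" -ne 0 ]]; then
  printf 'this script must be run as root\n' >&2
  exit 1
fi

########## ATTIVO IL BRIDGE (bring up the bridge)

ifconfig eth0 down
ifconfig eth1 down
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
sleep 1
dhclient br0
echo "bridge attivato.."
sleep 1

########## REGOLE IPTABLES (iptables rules)

# Variables used by the rules below.
WAN_IF="br0"
LAN_IF="eth2"

# Address of the gateway itself (not referenced by any rule below;
# kept for documentation).
WAN_IP="145.10.168.1"
# ssh, web browsing and e-mail
CLIENT_RANGE="145.10.168.2-145.10.168.130"
# oracle and administration programs (not referenced by any rule
# below; kept so the range stays documented in one place)
AMMINSTRAZIONE="145.10.168.87-145.10.168.90"
# host reachable from outside via Remote Desktop
SERVER="145.10.168.2"

# FTP connection-tracking/NAT helpers.  Without them the control
# connection (port 21) is masqueraded but the PORT/PASV payload still
# carries the client's own address, so the remote server refuses the
# data connection ("only accept connection to <gateway address>").
# The helper rewrites the address inside the command channel and marks
# the data connection RELATED, which the ESTABLISHED,RELATED rule
# below then accepts.  Newer kernels call the modules
# nf_conntrack_ftp/nf_nat_ftp, older ones ip_conntrack_ftp/ip_nat_ftp;
# try the new name first and fall back to the old one.
modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
modprobe nf_nat_ftp 2>/dev/null || modprobe ip_nat_ftp

# Delete all existing rules and user-defined chains in every table.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -t raw -F 2>/dev/null
iptables -X
iptables -t nat -X
iptables -t mangle -X

# Kernels that no longer assign helpers automatically
# (net.netfilter.nf_conntrack_helper=0, the default from 4.7 on) need
# an explicit assignment for port 21.  Best effort: on older kernels
# the CT target does not exist and the helper attaches automatically,
# so a failure here is expected and deliberately ignored.
iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp \
  2>/dev/null || true

# DEFAULT policies
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Allow replies to connections the firewall itself opened.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# NOTE(review): this only matches packets *entering* on $WAN_IF.  It
# covers both directions only if both ends of the forwarded traffic sit
# on the bridge (bridged frames traverse FORWARD with -i br0 and
# -o br0 when br_netfilter is active).  If a flow ever returns through
# $LAN_IF it will hit the FORWARD DROP policy -- confirm the topology.
#iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i "$WAN_IF" -m state --state ESTABLISHED,RELATED \
  -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT

# WAN_IF open ports on the gateway itself.
# ssh is reachable from any source on the upstream side; restricting
# it with -s to the administrators' addresses would shrink the
# exposure without changing anything else.
iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i "$WAN_IF" -p udp --dport 53 -j ACCEPT

# DNS/web from any source on the bridge (not limited to CLIENT_RANGE).
iptables -A FORWARD -i "$WAN_IF" -p tcp -m multiport \
  --dports 53,80,443,8080 -j ACCEPT
# Extra outbound services for the client range.  21 (ftp) and 23
# (telnet) are cleartext protocols; keep them only while they are
# actually needed.
iptables -A FORWARD -i "$WAN_IF" -p tcp -m iprange \
  --src-range "$CLIENT_RANGE" -m multiport \
  --dports 21,22,23,25,110,115,993,995,389,1521,1526,1527,6667 -j ACCEPT

# Remote Desktop to/from one specific host.
# The -s rules match packets originating from $SERVER towards port
# 3389, the -d rules packets addressed to $SERVER on port 3389.
iptables -A INPUT -i "$WAN_IF" -p tcp -s "$SERVER" --dport 3389 -j ACCEPT
iptables -A INPUT -i "$WAN_IF" -p tcp -d "$SERVER" --dport 3389 -j ACCEPT
iptables -A FORWARD -i "$WAN_IF" -p tcp -s "$SERVER" --dport 3389 \
  -j ACCEPT
iptables -A FORWARD -i "$WAN_IF" -p tcp -d "$SERVER" --dport 3389 \
  -j ACCEPT

# LAN_IF open ports on the gateway itself
iptables -A INPUT -i "$LAN_IF" -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i "$LAN_IF" -p tcp --dport 8080 -j ACCEPT

# enable ping (echo requests rate-limited to one per second)
iptables -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec \
  -j ACCEPT

# Masquerade everything leaving through the upstream interface.
iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE

# Enable IP forwarding only now that the rule set is loaded.
echo 1 > /proc/sys/net/ipv4/ip_forward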

