Re: Iptables is driving me nuts (beginner)

To: Hal <klingons@speakeasy.org>
Cc: Mike Egglestone <megglestone@heritage.sd57.bc.ca>, debian-user@lists.debian.org
Subject: Re: Iptables is driving me nuts (beginner)
From: Organ Grinder <organgrinder@me.wiz-kid.com>
Date: Tue, 11 Mar 2003 12:32:04 +0000
Message-id: <[🔎] 3E6DD744.9070002@me.wiz-kid.com>
In-reply-to: <[🔎] 5FC22678-53B2-11D7-AE17-000393450708@speakeasy.org>
References: <[🔎] 5FC22678-53B2-11D7-AE17-000393450708@speakeasy.org>

Hi

If you want, give me information about what you do and dont want toallow thro, I'll create the rules for you in a email and explain them.


   - Regards -

            Organ Grinder



Hal wrote:

On Tuesday, March 11, 2003, at 02:21 AM, Mike Egglestone wrote:
Quoting n/a <test@pandora.be>:
Hello there,
For the past couple of days i've been looking into setting up an oldpc as a
firewall/router for a couple of students.
To do so i enabled iptables and started looking into configurationissues.Eventually i came up with a config that worked. haha. Then irealised thisconfig was fishy and started deleting lines as i went along. Nowalmost no
lines are left and the darned thing still works even after reboots,
re-loads, restarts.

Apparently there's something i'm not getting thru my thick skull about
packet filtering. Could someone explain to me in text (no diagrams)how apacket is evaluated and then processed tru the chains, also what isdone andnot-done any more after a packet has passed thru a chain. Somehow ihave theidea this config works from the lan to the outside but not from theoutside
to the lan or something.
Any good resources, tips, explanations are welcome. I'm to dumb forthis i
guess.
Hi,
Your not dumb, you use Debian don't you? :)

Perhaps check out www.tldp.org for how-to's on netfilter/iptables stuff.
To be basic, anything destined/orginating for/from your box will hitthe INPUT
and OUTPUT chains. Thats it.
Keep in mind that "your box" (above) refers only to your firewallmachine. INPUT and OUTPUT have nothing to do with to/from internet.Just into and out of the firewall where the firewall does someprocessing (e.g. When its using apt-get for an update).
Anything that is destined somewhere else. Will
only hit your FORWARD chain.
FORWARD is where you put the rules which deny or allow access betweenprotected machines behind the firewall and the internet. Asmentioned, its the default location for rules you write. Most of yourrules and effort should probably go here. Also remember rules aregenerally symmetric (applying to traffic in both direction) unless therule explicitly indicates incoming/outgoing interface. HTH
This is for your default "filter" table.
The "mangle" and "nat" tables are for other stuff. Usually nat is for
masquerading. Check out debian's ipmasq package for easy setup.

Good luck,

Cheers,
Mike









-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contactlistmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Iptables is driving me nuts (beginner)
  - From: Hal Vaughan <hal@thresholddigital.com>

References:
- Re: Iptables is driving me nuts (beginner)
  - From: Hal <klingons@speakeasy.org>

Prev by Date: Zinc-devel-request, All Adult Channels, FREE.
Next by Date: Ext3
Previous by thread: Re: Iptables is driving me nuts (beginner)
Next by thread: Re: Iptables is driving me nuts (beginner)
Index(es):
- Date
- Thread