
Can't connect to firewall



I have a basic proxy/firewall script:

I got this from aboutdebian.com

#!/bin/sh

#  IPCHAINS  FIREWALL  script for the Linux 2.2 kernel.
#  This script is a derivative of the script presented in
#  the IP Masquerade HOWTO page at:
#  www.tldp.org/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html
#  It was simplified to coincide with the configuration of
#  the sample system presented in the Guides section of
#  www.aboutdebian.com
#
#    PLEASE SET THE USER VARIABLES
#    IN SECTIONS A AND B OR C

echo -e "\n\nSETTING UP IPCHAINS FIREWALL..."


# === SECTION A
# ----------- FOR EVERYONE

# SET THE _NETWORK_ ADDRESS OF YOUR INTERNAL NETWORK
#   The default value below is for a 192.168.0.0 network.
#   Note that the "/24" is a network mask of 255.255.255.0
#   (meaning 24 bits - three octets - set to 1s).  Similarly,
#   a network mask of 255.255.0.0 would be "/16".
#       Note that this is a NETWORK address - not the
#       IP address of a specific device on the network.
#   Enter the internal network's (or subnet's) network
#   address for the INTLAN variable:

INTLAN="192.168.0.0/24"


# SET THE INTERFACE DESIGNATION FOR THE NIC CONNECTED TO YOUR INTERNAL NETWORK
# The default value below is for "eth0". This value
# could also be "eth1" if you have TWO NICs in your system.
#   You can use the ifconfig command to list the interfaces
#   on your system.  The internal interface will likely have
#   have an address that is in one of the private IP address
#   ranges.
#       Note that this is an interface DESIGNATION - not
#       the IP address of the interface.
#   Enter the internal interface's designation for the
#   INTIF variable:

INTIF="eth0"


# SET THE INTERFACE DESIGNATION FOR YOUR "EXTERNAL" (INTERNET) CONNECTION
# The default value below is "ppp0" which is appropriate
# for a MODEM connection.
#   If you have two NICs in your system change this value
#   to "eth0" or "eth1" (whichever is opposite of the value
#   set for INTIF above).
#       Note that this is an interface DESIGNATION - not
#       the IP address of the interface.
#   Enter the external interface's designation for the
#   EXTIF variable:

EXTIF="ppp0"



# ! ! ! ! !  Use ONLY Section B  *OR*  Section C depending on
#  ! ! ! !   the type of Internet connection you have.



# === SECTION B
# -----------   FOR THOSE WITH STATIC PUBLIC IP ADDRESSES


  # SET YOUR EXTERNAL IP ADDRESS
  #   If you specified a NIC (i.e. "eth0" or "eth1" for
  #   the external interface (EXTIF) variable above,
  #   AND if that external NIC is configured with a
  #   static, public IP address (assigned by your ISP),
  #   UNCOMMENT the following EXTIP line and enter the
  #   IP address for the EXTIP variable:

# EXTIP="your.static.IP.address"



# === SECTION C
# ----------   DIAL-UP MODEM, AND RESIDENTIAL CABLE-MODEM/DSL (Dynamic IP) USERS


# SET YOUR EXTERNAL INTERFACE FOR DYNAMIC IP ADDRESSING
#   If you get your IP address dynamically from SLIP, PPP,
#   BOOTP, or DHCP, UNCOMMENT the THREE commands below.
#   (No values have to be entered.)  EXTIP is read from the
#   interface named in EXTIF, so it is only correct once the
#   link is up; if the interface has no address yet, EXTIP is
#   empty and every "$EXTIP/32" rule further down fails to load.
#         Note that if you are uncommenting these lines then
#         the EXTIP line in Section B must be commented out.
#         DHCP clients also need to accept the server's replies:
#             ipchains -A input -i $EXTIF -p udp -s 0/0 67 -d 0/0 68 -j ACCEPT
#         That rule has to be added AFTER the "ipchains -F input"
#         in the INPUT RULES section below, or the flush removes it.

# echo "    Enabling Dynamic IP Addressing..."
# echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# EXTIP="`/sbin/ifconfig $EXTIF | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"



# --------  No more user variables beyond this point  ------------------



echo "    Loading required IPMASQ kernel modules..."

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio

echo "    Enabling IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "    Enabling IP Defragmentation..."
echo "1" > /proc/sys/net/ipv4/ip_always_defrag

# MASQ timeouts
#
#   2 hrs timeout for TCP session timeouts
#  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
echo "    Setting default timers..."
/sbin/ipchains -M -S 7200 10 160

echo "    Internal interface: $INTIF"
echo "       Internal network IP address is: $INTLAN"
echo "    External interface: $EXTIF"
echo "       External interface IP address is: $EXTIP"


echo "    Setting up firewall rules..."

#   INPUT RULES
#############################################################################
# Incoming, flush and set default policy of reject.  Anything not
# matched by a rule below is rejected.
#
ipchains -F input
ipchains -P input REJECT
# Internal interface, from the internal network, to anywhere: valid.
ipchains -A input -i $INTIF -s $INTLAN -d 0.0.0.0/0 -j ACCEPT
# External interface, claiming to come from the internal network:
# IP spoofing.  Log it and reject it.
ipchains -A input -i $EXTIF -s $INTLAN -d 0.0.0.0/0 -l -j REJECT
# External interface, any source, to our own external address: valid.
# This accepts ANY port, so every service listening on the firewall
# box itself is reachable from the Internet (the masqueraded machines
# behind it are not).  EXTIP must be set in Section B or C, otherwise
# this becomes "-d /32" and ipchains refuses the rule.
ipchains -A input -i $EXTIF -s 0.0.0.0/0 -d $EXTIP/32 -j ACCEPT
# DHCP clients only: accept the server's replies on the external
# interface.  It sits here, after the flush, so "ipchains -F input"
# does not wipe it.  Uncomment if EXTIF gets its address from DHCP.
# ipchains -A input -i $EXTIF -p udp -s 0/0 67 -d 0/0 68 -j ACCEPT
# Loopback interface is always valid.
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT


#   OUTPUT RULES
#############################################################################
# Outgoing, flush and set default policy of reject.
#
ipchains -F output
ipchains -P output REJECT
# Internal interface, to the internal network: valid.
ipchains -A output -i $INTIF -s 0.0.0.0/0 -d $INTLAN -j ACCEPT
# External interface, destined for a private internal address: a
# routing or masquerading leak.  Log it and reject it.
ipchains -A output -i $EXTIF -s 0.0.0.0/0 -d $INTLAN -l -j REJECT
# External interface, still carrying an internal source address: the
# packet was not masqueraded.  Log it and reject it.
ipchains -A output -i $EXTIF -s $INTLAN -d 0.0.0.0/0 -l -j REJECT
# External interface, from our own external address: valid.  This is
# also the path masqueraded traffic takes once its source is rewritten
# to EXTIP, so an empty EXTIP breaks Internet access for the whole LAN.
ipchains -A output -i $EXTIF -s $EXTIP/32 -d 0.0.0.0/0 -j ACCEPT
# Loopback interface is always valid.
ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT


#   FORWARD RULES
#############################################################################
# Forwarding, flush and set default policy of deny.  Only traffic from
# the internal network leaving through the external interface is
# forwarded, and it is masqueraded (source rewritten to EXTIP) on the
# way out.  Nothing else is routed through this box.
#
ipchains -F forward
ipchains -P forward DENY
ipchains -A forward -i $EXTIF -s $INTLAN -d 0.0.0.0/0 -j MASQ


echo -e "    Firewall rule loading complete\n\n"


*************************************************
The proxy server dials automatically.
I can ping the proxy/firewall machine.

How do I get my Windows/Linux machines to connect to it???
I tried changing the gateway and filling in the proxy settings info in the browser.
DNS settings on debian proxy/firewall are correct.

What am I missing???





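A pre-flight check for the script quoted above, added here as an example; it is not code from the original post, from aboutdebian.com or from the IP Masquerade HOWTO. It repeats the Section C extraction of EXTIP from 2.2-era ifconfig output (the "inet addr:" format), refuses to build rules while EXTIP is empty, and prints the rules instead of loading them, so it runs on any POSIX shell without ipchains. The interface names, the 192.168.0.0/24 LAN and the 203.0.113.5 address are constructed sample values.

```shell
#!/bin/sh
# Added pre-flight check for the ipchains script in the post above.  Not
# code from the original post, aboutdebian.com or the IP Masquerade HOWTO.
# It derives EXTIP the way Section C does and refuses to emit rules while
# EXTIP is empty, because
#     ipchains -A input  -i $EXTIF -s 0.0.0.0/0 -d $EXTIP/32 -j ACCEPT
#     ipchains -A output -i $EXTIF -s $EXTIP/32 -d 0.0.0.0/0 -j ACCEPT
# would otherwise be run as "-d /32" and "-s /32", which ipchains rejects,
# leaving the box with REJECT policies and no ACCEPT rules on EXTIF.
# Rules are only printed (dry run), never applied.

# Constructed sample of 2.2-era "ifconfig ppp0" output.  203.0.113.0/24 is
# a documentation range, not a real ISP address.
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.5  P-t-P:203.0.113.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'

# Same pipeline as the script's Section C.  Reads ifconfig text on stdin and
# prints the interface address; prints nothing if the link has no address
# yet (the case that silently breaks the original script).
extip_from_ifconfig() {
    grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'
}

# Print the address-dependent rules of the script for the given settings,
# or fail (return 1) if EXTIP is unusable.
# Usage: build_rules INTIF EXTIF INTLAN EXTIP
build_rules() {
    intif="$1"; extif="$2"; intlan="$3"; extip="$4"
    if [ -z "$extip" ]; then
        echo "EXTIP is empty: set it in Section B or uncomment Section C" >&2
        return 1
    fi
    case "$extip" in
        *[!0-9.]*) echo "EXTIP '$extip' is not a dotted-quad address" >&2
                   return 1 ;;
    esac
    cat <<EOF
ipchains -F input
ipchains -P input REJECT
ipchains -A input -i $intif -s $intlan -d 0.0.0.0/0 -j ACCEPT
ipchains -A input -i $extif -s $intlan -d 0.0.0.0/0 -l -j REJECT
ipchains -A input -i $extif -s 0.0.0.0/0 -d $extip/32 -j ACCEPT
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -F output
ipchains -P output REJECT
ipchains -A output -i $intif -s 0.0.0.0/0 -d $intlan -j ACCEPT
ipchains -A output -i $extif -s 0.0.0.0/0 -d $intlan -l -j REJECT
ipchains -A output -i $extif -s $intlan -d 0.0.0.0/0 -l -j REJECT
ipchains -A output -i $extif -s $extip/32 -d 0.0.0.0/0 -j ACCEPT
ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT
ipchains -F forward
ipchains -P forward DENY
ipchains -A forward -i $extif -s $intlan -d 0.0.0.0/0 -j MASQ
EOF
}

# Demo: derive EXTIP from the constructed sample and print the rule set.
# On a real box you would replace the sample with: /sbin/ifconfig "$EXTIF"
EXTIP=$(printf '%s\n' "$SAMPLE_IFCONFIG" | extip_from_ifconfig)
build_rules eth0 ppp0 192.168.0.0/24 "$EXTIP"
```

Run it after the PPP link is up; if it reports an empty EXTIP, the firewall script would have loaded only the REJECT policies, which matches a box that answers pings on the LAN but masquerades nothing.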