From: "John A. Sullivan III" <jsullivan@opensourcedevel.com>
To: "John P. Lang" <john@langherd.com>
Cc: netfilter@lists.netfilter.org
Subject: RE: Help with a firewall script
Date: Sat, 24 Dec 2005 19:11:08 -0500	[thread overview]
Message-ID: <1135469468.2584.12.camel@localhost> (raw)
In-Reply-To: <004b01c608d9$7991c6c0$6f64a8c0@langherd.com>

The first rule changes the source address so the packet can traverse the
internet. The second rule is allowing the outbound packet but you will
need a rule to allow the reply packets such as:

iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

You can find an excellent tutorial at
http://iptables-tutorial.frozentux.net
There are also some slightly dated training slide shows in the training
section of the ISCS network security management project web site at
http://iscs.sourceforge.net

Hope it helps - John

On Sat, 2005-12-24 at 14:29 -0800, John P. Lang wrote:
> John,
> 
> This is exactly where my confusion lies... I thought that
> 
> > $IPT --table nat --append POSTROUTING --out-interface $EXTNIC -j
> MASQUERADE
> > 
> > $IPT --append FORWARD --in-interface $INTNIC -j ACCEPT
> 
> Would basically allow all of the traffic to go through.
> Can you point me to a proper tutorial or example on how to properly do this?
> 
> Thanks,
> John
> 
> > 
> After a very quick look, it appears that you are allowing outbound
> traffic from the internal NIC but where are you allowing the reply
> packets? Do you have a RELATED,ESTABLISHED rule anywhere? - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@opensourcedevel.com

Financially sustainable open source development
http://www.opensourcedevel.com
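The three rules discussed in this thread (MASQUERADE on the outbound interface, a FORWARD accept for the internal NIC, and the missing ESTABLISHED,RELATED rule for replies) are collected below into one small gateway script. This is an added example, not a script from either poster; the interface names eth0/eth1, the `--dry-run`/`--apply` switches and the explicit `-o $EXTNIC` / `--state NEW` restriction on the outbound rule are assumptions of this example, and the default FORWARD policy of DROP is set so that only the listed traffic crosses the box:

```shell
#!/bin/sh
# Added example (not from the thread): minimal NAT gateway ruleset.
# Interface names are assumptions; override them in the environment.
IPT="${IPT:-iptables}"
EXTNIC="${EXTNIC:-eth0}"   # assumed internet-facing interface
INTNIC="${INTNIC:-eth1}"   # assumed LAN-facing interface

# Emit the ruleset in order. With IPT=echo the commands are printed
# instead of applied, which is how the dry-run mode below works.
nat_gateway_rules() {
    # 0. Default: nothing is forwarded unless a rule below allows it.
    "$IPT" -P FORWARD DROP
    # 1. Rewrite the source address so LAN packets can traverse the internet.
    "$IPT" -t nat -A POSTROUTING -o "$EXTNIC" -j MASQUERADE
    # 2. Allow replies to connections the gateway already knows about.
    #    Inserted at position 1 so it is evaluated before anything else;
    #    without it, outbound connections are sent but their answers are dropped.
    "$IPT" -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 3. Allow new connections only from the LAN side towards the internet.
    #    (The thread's rule used just -i $INTNIC; -o and NEW are assumptions.)
    "$IPT" -A FORWARD -i "$INTNIC" -o "$EXTNIC" -m state --state NEW -j ACCEPT
}

case "${1:-}" in
    --dry-run) IPT=echo; nat_gateway_rules ;;   # print the commands only
    --apply)   nat_gateway_rules ;;             # needs root and iptables
esac
```

Run it as `sh gateway.sh --dry-run` to see the four commands in the order they would be applied; the script only touches the live tables when given `--apply`.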