From: kate <kate7234@yahoo.com>
To: netfilter@lists.netfilter.org
Subject: static IP to dynamic IP
Date: Fri, 15 Oct 2004 10:44:56 -0700 (PDT)
Message-ID: <20041015174456.20376.qmail@web21523.mail.yahoo.com>

Hi, I am trying to modify a fw script that would work
for my small LAN, except I need to change references
of static IP and SNAT to eth0 and MASQUERADE, but
when I run the script it gives me Bad argument `eth0'.
The script is below, with my notes on changes I've
made so far. Any help greatly appreciated.

# (1) Policies (default) - modified with notation
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# (2) User defined chain for ACCEPTed TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP

# (3) INPUT chain rules
# Rules for incoming packets from LAN
iptables -A INPUT -p ALL -i eth1 -s 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 192.168.1.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s -i eth0 -j ACCEPT
## WAS -> ... 123.45.67.89 -j ACCEPT
iptables -A INPUT -p ALL -i eth1 -d 192.168.0.255 -j ACCEPT
# Rules for incoming packets from Internet
# Packets for established connections
iptables -A INPUT -p ALL -d -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
## WAS -> ... -d 123.45.67.89 -m...
# TCP Rules (edit as services needed)
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 443 -j okay
# UDP Rules
# iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j okay
# iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j okay
# ICMP rules
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT

# (4) FORWARD chain rules
# Accept the packets we want to forward
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# (5) OUTPUT chain rules
# Only output packets with local addresses (no spoofing)
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 192.168.1.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s -i eth0 -j ACCEPT
## WAS -> ... 123.45.67.89 -j ACCEPT

# (6) POSTROUTING chain rules
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
## was -> ... -j SNAT --to-source 123.45.67.89
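
Added example, not part of the original message or of any netfilter tool: iptables' -s and -d options each require an address, so in "-s -i eth0" the parser takes "-i" as that address and is left with a stray "eth0", which matches the error quoted above. The sketch below flags such rules in a script before it is loaded; the function names and the sample input are constructed here, and it assumes each rule sits on one line and calls iptables by its bare name.

```shell
#!/bin/sh
# Added example (not from the original post): report iptables rules in which
# an address option (-s/-d and long forms) is not followed by an address.

# lint_rules: read an iptables script on stdin and print "LINE:OPTION" for
# every active rule whose address option is followed by another option
# or by nothing at all.
lint_rules() {
    awk '
    /^[ \t]*#/       { next }   # commented-out rules are not executed
    $1 != "iptables" { next }   # assumption: rules call "iptables" by bare name
    {
        for (i = 2; i <= NF; i++) {
            if ($i != "-s" && $i != "--source" && $i != "--src" &&
                $i != "-d" && $i != "--destination" && $i != "--dst")
                continue
            nxt = (i < NF) ? $(i + 1) : ""
            # older syntax puts the negation after the option: -s ! 10.0.0.1
            if (nxt == "!")
                nxt = (i + 1 < NF) ? $(i + 2) : ""
            if (nxt == "" || nxt ~ /^-/)
                printf "%d:%s\n", NR, $i
        }
    }'
}

# Constructed sample: lines 1-3 and 6 repeat rules from the post, line 4 is
# one of them commented out, line 5 is an interface-only variant added here.
sample_rules() {
    cat <<'EOF'
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s -i eth0 -j ACCEPT
iptables -A INPUT -p ALL -d -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A OUTPUT -p ALL -s -i eth0 -j ACCEPT
iptables -A OUTPUT -p ALL -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

sample_rules | lint_rules
```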