Linux Netfilter discussions
From: /dev/rob0 <rob0@gmx.co.uk>
To: netfilter@lists.netfilter.org
Subject: Re: IPTABLES PROBLEM
Date: Tue, 8 Nov 2005 13:08:00 -0600
Message-ID: <200511081308.01754.rob0@gmx.co.uk>
In-Reply-To: <20051108170808.94047.qmail@web26603.mail.ukl.yahoo.com>

On Tuesday 2005-November-08 11:08, Micol lupen wrote:
> I have a LAN with 10 PCs (using Win9x) and have IP

Win9x? Ugly!

> //ETHERNET INTERFACE file conf.ps
> !/bin/bash

Missing the # at the beginning of that line. You don't really need a 
"shebang" line at all for just running a few simple commands.

> ifconfig eth0 10.10.10.50 netmask 255.255.255.0
> ifconfig eth1 178.133.80.74 netmask 255.255.255.248
> route add -net default gw 178.133.80.73 netmask
> 255.255.255.248
> # END SCRIPT CONF.PS

Slackware will do this for you. Run "netconfig" or just edit 
"/etc/rc.d/rc.inet1.conf".

> //--- I WRITE IN /etc/resolv.conf
> NAMESERVER=151.99.125.1

Nope. "nameserver 151.99.125.1".

> //--------FIREWALL SCRIPT firewall.ps

If at /etc/rc.d/rc.firewall, Slackware will run it for you.

> echo 1 > /proc/sys/net/ipv4/ip_forward

Normally this should come at the end. I put a "0" in at the beginning 
and then "1" after firewall protections are in place. (Similar to the 
script Rob posted just now.)

> $IPTAB -P INPUT DROP
> $IPTAB -P FORWARD DROP

Okay.

> $IPTAB -P OUTPUT  DROP

Unless you know exactly what you plan to do with OUTPUT filtering, I 
strongly suggest you give it up.

> # FROM LAN TO INTERNET
> $IPTAB -A INPUT -s 10.10.10.0/24 -i eth0 -j ACCEPT

No, that's from LAN to firewall machine. See "man iptables", near the 
beginning, where the tables and their built-in chains are described.

> # FORWARDING
> $IPTAB -A FORWARD -i eth0 -s 10.10.10.0/24 -j ACCEPT
> $IPTAB -A FORWARD -i eth1 -d 10.10.10.0/24 -j ACCEPT

Okay. I think that would work, anyway. I do it differently, see next.

> # QUERY DNS (SERVER-> CLIENT)
> $IPTAB -A INPUT -i eth1 -p udp -s $NAMESERVER --sport
> 53 -m state --state ESTABLISHED -j ACCEPT

A simple --state RELATED,ESTABLISHED -j ACCEPT rule along with OUTPUT 
policy of ACCEPT would do better. I put that rule in a "State" chain 
and jump to State from both INPUT and FORWARD.

But that (INPUT) has nothing to do with your problem below.

> #NAT
> $IPTAB -t nat -A POSTROUTING -o eth1 -s 10.10.10.0/24
> -j SNAT --to $IPADD

Okay.

> WHEN I START THE FIREWALL THE CLIENTS CAN'T GET TO THE
> INTERNET, HELP ME !!!!

And how are you diagnosing this? What did you try? What happened?

> P.S. excuse me for my bad english

Your English is fine. Work on your troubleshooting skills. :)
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
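
The layout rob0 describes above, written out as an added example (it is
not from this thread or from either poster): a small rc.firewall-style
script for the topology in the question, using the addresses quoted in the
original post (eth0 = 10.10.10.0/24 LAN, eth1 = 178.133.80.74 upstream).
It turns forwarding off first, sets INPUT and FORWARD to DROP while leaving
OUTPUT at ACCEPT, keeps the stateful rule in one "State" chain reached from
both INPUT and FORWARD, lets the LAN reach the firewall via INPUT and the
Internet via FORWARD, SNATs the LAN, and only then enables ip_forward. The
rule set is produced by a function so it can be printed and reviewed
before it is loaded. The apply/diag modes, the chain name, the loopback
and anti-spoofing rules, and the IPTAB default are assumptions of this
example, not anything the thread states.

```shell
#!/bin/sh
# Added example, not code from the netfilter thread. NAT firewall for a
# LAN on eth0 and an upstream link on eth1, in the order rob0 recommends.
# Assumed values (taken from the quoted post, not verified here):
LAN_IF=eth0
WAN_IF=eth1
LAN_NET=10.10.10.0/24
WAN_IP=178.133.80.74
IPTAB=${IPTAB:-iptables}   # assumption: iptables is on $PATH

# Emit the rule set, one command per line, in the order it must run.
# Generating the commands separately from executing them lets you read
# the whole thing (fw_rules | less) before touching a remote box.
fw_rules() {
    # Forwarding stays off until every protection below is in place.
    echo "echo 0 > /proc/sys/net/ipv4/ip_forward"

    # Start from a clean slate in both tables.
    echo "$IPTAB -F"
    echo "$IPTAB -X"
    echo "$IPTAB -t nat -F"

    # Default deny for traffic to the box and through the box; OUTPUT
    # is left open, as suggested, unless you have a plan for filtering it.
    echo "$IPTAB -P INPUT DROP"
    echo "$IPTAB -P FORWARD DROP"
    echo "$IPTAB -P OUTPUT ACCEPT"

    # Anti-spoofing (assumed addition): a LAN source must never arrive on
    # the WAN side. Placed before the stateful rule so it is never bypassed.
    echo "$IPTAB -A INPUT -i $WAN_IF -s $LAN_NET -j DROP"
    echo "$IPTAB -A FORWARD -i $WAN_IF -s $LAN_NET -j DROP"

    # One user-defined chain with the stateful rule, jumped to from both
    # INPUT and FORWARD. This replaces per-service reply rules such as the
    # DNS --sport 53 one in the original script.
    echo "$IPTAB -N State"
    echo "$IPTAB -A State -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "$IPTAB -A INPUT -j State"
    echo "$IPTAB -A FORWARD -j State"

    # LAN -> firewall machine itself (this is INPUT, not FORWARD).
    echo "$IPTAB -A INPUT -i lo -j ACCEPT"
    echo "$IPTAB -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT"

    # LAN -> Internet through the box (FORWARD). Replies from eth1 are
    # handled by the State chain, so no rule accepting -i eth1 is needed.
    echo "$IPTAB -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"

    # Source NAT for the LAN on the upstream interface.
    echo "$IPTAB -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP"

    # Only now turn routing on.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Sanity check on the generated order: forwarding must be disabled by the
# first command and enabled by the last one. Returns 0 if so.
fw_check_order() {
    first=$(fw_rules | head -n 1)
    last=$(fw_rules | tail -n 1)
    [ "$first" = "echo 0 > /proc/sys/net/ipv4/ip_forward" ] &&
    [ "$last" = "echo 1 > /proc/sys/net/ipv4/ip_forward" ]
}

case "${1:-}" in
    apply)  # load the rules; needs root
            fw_check_order && fw_rules | sh -e ;;
    diag)   # what to look at before writing to the list: is forwarding on,
            # and which rule's packet counters are growing while a client tries?
            cat /proc/sys/net/ipv4/ip_forward
            $IPTAB -L -v -n --line-numbers
            $IPTAB -t nat -L -v -n ;;
    *)      fw_rules ;;   # dry run: print the rules without applying them
esac
```

Saved as, say, /etc/rc.d/rc.firewall (a hypothetical location; Slackware
runs that file at boot if it is executable), it prints the rule set when run
with no argument, loads it with "apply", and with "diag" shows the counters
that tell you which chain is discarding the LAN traffic, which is the first
thing to check when clients lose the Internet after the firewall starts.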


Thread overview:
2005-11-08 17:08 IPTABLES PROBLEM Micol lupen
2005-11-08 18:56 ` Rob Sterenborg
2005-11-08 19:08 ` /dev/rob0 [this message]