From: Micol lupen <galaxi_999@yahoo.it>
To: netfilter@lists.netfilter.org
Subject: IPTABLES PROBLEM
Date: Tue, 8 Nov 2005 18:08:07 +0100 (CET) [thread overview]
Message-ID: <20051108170808.94047.qmail@web26603.mail.ukl.yahoo.com> (raw)
Hi guys, thanks for all.
I have this problem whith iptables:,
Io gestisco una rete con 10 pc (indirizzo e'
I have a lan whit 10 pc (use win9X) and have ip
10.10.10.2 ecc..)
Tree days ago Telecom build in my farm the adsl (using
router adsl cisco )
i wont to create a firewall and use natting for pc
I build a pc whit Slackware 10.1
and i do this script:
----Information LAN--------
eth0: 10.10.10.50 netmask 255.255.255.0 (ETHO IS
connected to switch )
eth1:178.133.80.74 netmask 255.255.255.248 (IP
STATIC,GIVE ME THIS IP FROM TELECOM )
gatway 78.133.80.73 netmask 255.255.255.248
(GATWAY IP, GIVE ME THIS FROM TELECOM )
DNS 151.99.125.1 (DNS IP, GIVE ME FROM TELECOM )
------SCRIPT FOR ETHERNET
CONFIGURATION----------------
//ETHERNET INTERFACE file conf.ps
!/bin/bash
ifconfig eth0 10.10.10.50 netmask 255.255.255.0
ifconfig eth1 178.133.80.74 netmask 255.255.255.248
route add -net default gw 178.133.80.73 netmask
255.255.255.248
# END SCRIPT CONF.PS
//--- I WRITE IN /etc/resolv.conf
NAMESERVER=151.99.125.1
//--------FIREWALL SCRIPT firewall.ps
#!/bin/bash
IPTAB=iptables
NAMESERVER=151.99.125.1
IPADD=178.133.80.74
# IMPORTANT UTILITY
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 0 >
/proc/sys/net/ipv4/conf/all/accept_source_route
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 >
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
#CLEAR ALL
$IPTAB -F
$IPTAB -X
$IPTAB -Z
$IPTAB -t nat -F
$IPTAB -t nat -X
# DROP ALL
$IPTAB -P INPUT DROP
$IPTAB -P FORWARD DROP
$IPTAB -P OUTPUT DROP
$IPTAB -A INPUT -i lo -j ACCEPT
$IPTAB -A OUTPUT -o lo -j ACCEPT
# FROM LAN TO INTERNET
$IPTAB -A INPUT -s 10.10.10.0/24 -i eth0 -j ACCEPT
# FORWORDING
$IPTAB -A FORWARD -i eth0 -s 10.10.10.0/24 -j ACCEPT
$IPTAB -A FORWARD -i eth1 -d 10.10.10.0/24 -j ACCEPT
# QUERY DNS (SERVER-> CLIENT)
$IPTAB -A INPUT -i eth1 -p udp -s $NAMESERVER --sport
53 -m state --state ESTABLISHED -j ACCEPT
$IPTAB -A INPUT -i eth1 -p tcp -s $NAMESERVER --sport
53 -m state --state ESTABLISHED
#QUERY DNS (CLIENT-> SERVER)
$IPTAB -A OUTPUT -o eth1 -p udp -d $NAMESERVER --dport
53 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTAB -A OUTPUT -o eth1 -p tcp -d $NAMESERVER --dport
53 -m state --state NEW,ESTABLISHED -j ACCEPT
#HTTP E HTTPS
$IPTAB -A INPUT -i eth1 -p tcp --sport 80 -m state
--state ESTABLISHED -j ACCEPT
$IPTAB -A OUTPUT -o eth1 -p tcp --dport 80 -m state
--state NEW,ESTABLISHED -j ACCEPT
$IPTAB -A INPUT -i eth1 -p tcp --sport 443 -m state
--state ESTABLISHED -j ACCEPT
$IPTAB -A OUTPUT -o eth1 -p tcp --dport 443 -m state
--state NEW,ESTABLISHED -j ACCEPT
#NAT
$IPTAB -t nat -A POSTROUTING -o eth1 -s 10.10.10.0/24
-j SNAT --to $IPADD
#fine
WHEN I START TO FIREWALL THE CLIENT CAN'T TO GO TO
INTERNET, HELP ME !!!!
P.S. excuse me for my bad english
REGADS
MICOL
Grazie mille
___________________________________
Yahoo! Mail: gratis 1GB per i messaggi e allegati da 10MB
http://mail.yahoo.it
next reply other threads:[~2005-11-08 17:08 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-08 17:08 Micol lupen [this message]
2005-11-08 18:56 ` IPTABLES PROBLEM Rob Sterenborg
2005-11-08 19:08 ` /dev/rob0
-- strict thread matches above, loose matches on Subject: below --
2008-09-05 11:12 iptables problem Cam Bazz
2008-09-05 12:39 ` Matt Zagrabelny
2008-09-05 15:35 ` Grant Taylor
2007-10-06 16:28 IPtables problem Per Jørgensen
2007-10-06 18:25 ` Pascal Hambourg
2007-01-26 11:19 Iptables problem Saurabh Mehrotra
2007-01-26 13:53 ` Ted Phelps
2007-01-26 14:17 ` Saurabh Mehrotra
2007-01-26 15:17 ` Ted Phelps
2007-01-26 15:49 ` Saurabh Mehrotra
2007-01-26 15:55 ` Ted Phelps
2006-10-19 4:52 tarak
2005-11-01 18:06 iptables problem Ashley M. Kirchner
2005-11-02 0:31 ` Buddy wu
2004-08-25 20:04 Iptables problem Jason Opperisano
2004-08-25 19:52 Marcelo Sinhorini
2004-08-26 0:24 ` Jose Maria Lopez
2003-08-13 17:09 Glenn Hancock
2003-08-13 17:36 ` Rob Sterenborg
2003-05-14 11:45 IPTables problem Tech
2003-05-13 15:13 iptables problem hare ram
2003-05-13 17:02 ` Guilherme Viebig
2003-05-14 11:17 ` hare ram
2003-05-14 11:38 ` Bikrant Neupane
2003-03-13 9:57 Iptables problem De Jager Laubscher
2003-03-13 10:16 ` Maciej Soltysiak
2002-12-12 11:52 IPtables Problem Amit Kumar Gupta
2002-11-27 3:26 iptables problem 김도균
2003-01-17 5:32 ` Raymond Leach
2003-01-18 0:35 ` Diego Sarasua
2002-10-04 17:55 IPTables Problem Niel Harper
2002-06-25 11:55 Iptables problem Paulo Andre
2002-06-25 11:57 ` Ramin Alidousti
2002-06-25 10:47 Paulo Andre
2002-06-25 11:51 ` Ramin Alidousti
[not found] <CC845BB8BC74D6119934000347DD23E87C0C09@jhbmail.autopage.co.za>
2002-06-24 16:03 ` Antony Stone
[not found] <CC845BB8BC74D6119934000347DD23E87C0C07@jhbmail.autopage.co.za>
2002-06-24 14:26 ` Antony Stone
[not found] <CC845BB8BC74D6119934000347DD23E87C0C01@jhbmail.autopage.co.za>
2002-06-21 14:44 ` Antony Stone
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051108170808.94047.qmail@web26603.mail.ukl.yahoo.com \
--to=galaxi_999@yahoo.it \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox