Hi, I have this very simple firewall script which should forward a couple of ports to a system on the intranet. Symptom: it doesn't work. Anyone have a clue what I'm doing wrong here?

$1 is the interface to the internet (ppp0); eth1 is the intranet.

/usr/sbin/iptables -F INPUT
/usr/sbin/iptables -F OUTPUT
/usr/sbin/iptables -F FORWARD
/usr/sbin/iptables -P INPUT ACCEPT
/usr/sbin/iptables -P FORWARD DROP
/usr/sbin/iptables -A INPUT -i eth1 -s 192.168.0.0/23 -d 0/0 -j ACCEPT
/usr/sbin/iptables -A FORWARD -i $1 -o eth1 -p tcp -d 192.168.0.101 --dport 25 -j ACCEPT
/usr/sbin/iptables -A FORWARD -i $1 -o eth1 -p tcp -d 192.168.0.25 --dport 80 -j ACCEPT
/usr/sbin/iptables -A FORWARD -i $1 -o eth1 -p tcp -d 192.168.0.101 --dport 110 -j ACCEPT
/usr/sbin/iptables -A FORWARD -i $1 -o eth1 -p tcp -d 192.168.0.101 --dport 10000 -j ACCEPT
/usr/sbin/iptables -A FORWARD -i $1 -o eth1 -p tcp -d 192.168.0.101 --dport 10001 -j ACCEPT
/usr/sbin/iptables -A FORWARD -i eth1 -o $1 -j ACCEPT
/usr/sbin/iptables -A FORWARD -o eth1 -i $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A INPUT -i $1 -d 192.168.0.0/24 -j DROP
/usr/sbin/iptables -A INPUT -i $1 -s 192.168.0.0/24 -d 0/0 -j DROP
/usr/sbin/iptables -A INPUT -i eth1 -s 0/0 -d 0/0 -j DROP
/usr/sbin/iptables -t nat -A POSTROUTING -o $1 -s 192.168.0.0/24 -j MASQUERADE
/usr/sbin/iptables -A PREROUTING -t nat -p tcp -d SECRET --dport 25 -j DNAT --to-destination 192.168.0.101:25
/usr/sbin/iptables -A PREROUTING -t nat -p tcp -d SECRET --dport 80 -j DNAT --to-destination 192.168.0.25:80
/usr/sbin/iptables -A PREROUTING -t nat -p tcp -d SECRET --dport 110 -j DNAT --to-destination 192.168.0.101:110
/usr/sbin/iptables -A PREROUTING -t nat -p tcp -d SECRET --dport 10000 -j DNAT --to-destination 192.168.0.101:80
/usr/sbin/iptables -A PREROUTING -t nat -p tcp -d SECRET --dport 10001 -j DNAT --to-destination 192.168.0.101:443

P.S. What line should I add if I want to shield the other ports? (1-1023, not 25, 80, 110 and ssh)
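
Added example, not part of the original post: netfilter applies the nat PREROUTING DNAT before a packet reaches the FORWARD chain, so a FORWARD rule has to match the translated address and port. The sketch below checks the FORWARD and DNAT rules from the post for DNAT targets with no matching FORWARD ACCEPT. The function names sample_rules and unmatched_dnat are made up for this example, and it only compares exact host:port pairs.

```sh
#!/bin/sh
# Added example: find DNAT rules whose translated ip:port is not accepted in FORWARD.
# sample_rules holds the FORWARD and DNAT rules from the post (path prefix dropped).
sample_rules() {
cat <<'EOF'
iptables -A FORWARD -i $1 -o eth1 -p tcp -d 192.168.0.101 --dport 25 -j ACCEPT
iptables -A FORWARD -i $1 -o eth1 -p tcp -d 192.168.0.25 --dport 80 -j ACCEPT
iptables -A FORWARD -i $1 -o eth1 -p tcp -d 192.168.0.101 --dport 110 -j ACCEPT
iptables -A FORWARD -i $1 -o eth1 -p tcp -d 192.168.0.101 --dport 10000 -j ACCEPT
iptables -A FORWARD -i $1 -o eth1 -p tcp -d 192.168.0.101 --dport 10001 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d SECRET --dport 25 -j DNAT --to-destination 192.168.0.101:25
iptables -A PREROUTING -t nat -p tcp -d SECRET --dport 80 -j DNAT --to-destination 192.168.0.25:80
iptables -A PREROUTING -t nat -p tcp -d SECRET --dport 110 -j DNAT --to-destination 192.168.0.101:110
iptables -A PREROUTING -t nat -p tcp -d SECRET --dport 10000 -j DNAT --to-destination 192.168.0.101:80
iptables -A PREROUTING -t nat -p tcp -d SECRET --dport 10001 -j DNAT --to-destination 192.168.0.101:443
EOF
}

# Reads iptables command lines on stdin and prints one line per DNAT rule
# whose post-translation proto/ip:port has no FORWARD ACCEPT rule.
# Limitation: exact host and single-port matches only (no CIDR, no ranges).
unmatched_dnat() {
  awk '
    {
      chain = ""; dst = ""; dport = ""; target = ""; to = ""; proto = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-A") chain = $(i+1)
        if ($i == "-p") proto = $(i+1)
        if ($i == "-d") dst = $(i+1)
        if ($i == "--dport") dport = $(i+1)
        if ($i == "-j") target = $(i+1)
        if ($i == "--to-destination") to = $(i+1)
      }
      if (chain == "FORWARD" && target == "ACCEPT" && dst != "" && dport != "") {
        allowed[proto "/" dst ":" dport] = 1
      } else if (chain == "PREROUTING" && target == "DNAT" && to != "") {
        n++; key[n] = proto "/" to; ext[n] = dport
      }
    }
    END {
      for (j = 1; j <= n; j++)
        if (!(key[j] in allowed))
          print "dport " ext[j] " -> " key[j] " has no FORWARD ACCEPT"
    }'
}

sample_rules | unmatched_dnat
```

Running it against the real rule set means feeding it the script's own lines on stdin instead of sample_rules.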

