On Tue, Jun 8, 2010 at 12:11 PM, Scott Hamer <[email protected]> wrote:
> echo 1 > /proc/sys/net/ipv4/ip_forward

I already have this at the top of my script.

> Default policies: drop any incoming packets,
> accept the rest.
> iptables -P INPUT DROP
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
>
> Masquerading will make machines from the LAN
> look as if they were the router
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> Do not allow new or invalid connections to reach your internal network
> iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
>
> Accept any connections from the local machine and LAN
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A INPUT -i eth1 -j ACCEPT
>
> Only accept from certain ports
> iptables -A INPUT -i $WAN -p tcp -m tcp --dport 22 -j ACCEPT

My ssh listens on another port, e.g. 3500.

> Accept related and established connections
> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
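The quoted ruleset with the SSH port made a validated parameter, so the INPUT rule follows the port sshd actually listens on. This is an added example, not part of either message; `gen_rules`, `apply_rules` and `DRY_RUN` are hypothetical names, and eth0/eth1/3500 are taken from the thread as assumed values.

```shell
#!/bin/sh
# Added example: emit the thread's rules with interfaces and SSH port as
# arguments. Assumed values from the thread: WAN=eth0, LAN=eth1, port 3500.

gen_rules() {
    wan=$1; lan=$2; ssh_port=$3
    # Accept only a plain decimal TCP port, so nothing else lands in a rule.
    case $ssh_port in
        ''|*[!0-9]*) echo "invalid port: $ssh_port" >&2; return 1 ;;
    esac
    if [ "$ssh_port" -lt 1 ] || [ "$ssh_port" -gt 65535 ]; then
        echo "invalid port: $ssh_port" >&2; return 1
    fi
    cat <<EOF
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -A FORWARD -i $wan -m state --state NEW,INVALID -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $lan -j ACCEPT
iptables -A INPUT -i $wan -p tcp -m tcp --dport $ssh_port -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

apply_rules() {
    # Build the full list first so a bad argument aborts before any rule runs.
    rules=$(gen_rules "$@") || return 1
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        # DRY_RUN=1 (the default) only prints; DRY_RUN=0 executes, as root.
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$rule"; else $rule; fi
    done
}

# Print the rules for the setup described in the thread.
apply_rules eth0 eth1 3500
```

Review the printed rules first; setting `DRY_RUN=0` applies them and needs root.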
