Following the content of the very good article in GNU/Linux Magazine
France & in Linux Journal,
I end up being able to ping any host (inside or outside my private network),
but I cannot do any TCP connections whatsoever ....
I did an 8.1 simple install & worked out that S03iptables is invoked in
/etc/rc.d.
The file initializes default tables with the "iptables-restore" command.
With "that" the traffic does not go out of my local network ....

I made a script based on LJ 09/2001: Taming the Wild Netfilter... but only
pings reach the outside & I cannot work out why it does when I alter some
lines & why it stops when altering others.

Could someone explain what I should modify to let TCP / UDP traffic reach out?

Config is like this:

                     eth0 (dhcpd)      eth1
   internet ---------------------+ FW +---------------- internal network 192.168.1.xxx


Thomas,


<firewall.sh>
#!/bin/bash
# set -x
echo -n "Firewall "
# Stop routing between the two interfaces while the rules are rebuilt
echo 0 > /proc/sys/net/ipv4/ip_forward
echo "deactivated"

# echo "Defining the routes"
# route add default eth0

echo "Defining the interfaces & some variables"
source net.vars

# Remove all the rules from the table
# ####################################
IPT=/sbin/iptables
${IPT} -F

# Flush the rules and delete the user-defined chains of every table
for i in filter nat mangle
do
    echo "Flushing ${i}"
    ${IPT} -t ${i} -F
    ${IPT} -t ${i} -X
done

for i in INPUT OUTPUT FORWARD
do
    echo "Flushing ${i}"
    ${IPT} -F ${i}
done

echo "Deleting the filter table"
${IPT} -t filter -F
${IPT} -t filter -X

echo "Activating masquerading"
# Hide the 192.168.1.0/24 network behind the address of eth0 (internet side)
${IPT} -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -d 0/0 -j MASQUERADE

echo "Created filter rule"
# User-defined chain holding the stateful rules; INPUT and FORWARD jump to it
${IPT} -t filter -N tcprules
# Internet side (eth0): only replies/related packets come in; invalid ones are dropped
${IPT} -t filter -A tcprules -i eth0   -m state --state ESTABLISHED,RELATED -j ACCEPT
# The state list of this rule was lost in the posted copy; NEW is assumed here
${IPT} -t filter -A tcprules -i ! eth0 -m state --state NEW                 -j ACCEPT
${IPT} -t filter -A tcprules -i eth0   -m state --state INVALID             -j DROP

# Internal side (eth1): everything, including new connections, is accepted
${IPT} -t filter -A tcprules -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPT} -t filter -A tcprules -i eth1 -m state --state NEW                 -j ACCEPT
${IPT} -t filter -A tcprules -i eth1 -m state --state NEW,INVALID         -j ACCEPT

${IPT} -t filter -A INPUT   -j tcprules
${IPT} -t filter -A FORWARD -j tcprules

# Default policies left at ACCEPT: packets that match nothing in tcprules pass
# ${IPT} -t filter -P INPUT     DROP
# ${IPT} -t filter -P FORWARD   DROP

echo -n "Firewall"
echo 1 > /proc/sys/net/ipv4/ip_forward
echo " activated"
echo
</firewall.sh>


--
Thomas SMETS
rue J. Wytsmanstraat 62
1050 Bruxelles
yahoo-id : smetsthomas
