rules in rc.firewall-2.4
========================
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
#$IPTABLES -P FORWARD ACCEPT

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

iptables-save shows as follows.

[EMAIL PROTECTED] root]# iptables-save
# Generated by iptables-save v1.2.7a on Fri Jul 25 11:38:54 2003
*filter
:INPUT ACCEPT [2217:180139]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [2847:193028]
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -j LOG
COMMIT
# Completed on Fri Jul 25 11:38:54 2003
# Generated by iptables-save v1.2.7a on Fri Jul 25 11:38:54 2003
*nat
:PREROUTING ACCEPT [22:3613]
:POSTROUTING ACCEPT [796:29232]
:OUTPUT ACCEPT [796:29232]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Fri Jul 25 11:38:54 2003

But iptables -L shows forward as below, which indicates it is less secure, i.e. anywhere to anywhere. Any explanations?

[EMAIL PROTECTED] root]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           LOG level warning

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

--
L.V.Gandhi
203, Soundaryalahari Apartments, Lawsons Bay colony, Visakhapatnam, 530017
MECON, 5th Floor, RTC Complex, Visakhapatnam AP 530020 INDIA
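Added example, not part of the original post: plain `iptables -L` prints no in/out interface columns (`iptables -L -v` does), so rules that differ only by `-i`/`-o` all display as anywhere to anywhere. The sketch below reads iptables-save text and lists each rule with those matches restored; the function names and the embedded sample (copied from the post's *filter table) are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample: the *filter table from the iptables-save output above.
SAMPLE_RULES='*filter
:INPUT ACCEPT [2217:180139]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [2847:193028]
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -j LOG
COMMIT'

# list_rules (hypothetical helper): read iptables-save text on stdin and
# print one line per rule:  chain in out src dst state target
# "*" means the rule carries no match on that field.
list_rules() {
    awk '
    $1 == "-A" {
        chain = $2; in_if = "*"; out_if = "*"
        src = "*"; dst = "*"; state = "*"; target = "-"
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-o") out_if = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
            else if ($i == "--state") state = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        print chain, in_if, out_if, src, dst, state, target
    }'
}

# unrestricted_accepts (hypothetical helper): ACCEPT rules with no interface,
# address or state match. Other matches (protocol, port) are not examined.
unrestricted_accepts() {
    list_rules | awk '$7 == "ACCEPT" && $2 == "*" && $3 == "*" &&
                      $4 == "*" && $5 == "*" && $6 == "*"'
}

# Show the listing for the sample; on a live host, feed it `iptables-save`.
printf '%s\n' "$SAMPLE_RULES" | list_rules
```

For the sample, `unrestricted_accepts` prints nothing: both ACCEPT rules are bound to an interface pair, and the only unscoped rule is the LOG rule.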