Go to the ipmasquerade resource site.
Copy down their two example firewalls.
Both are proper implementations of what you have below.
http://ipmasq.cjb.net/
{^_^}
----- Original Message -----
From: "Michael Schwendt" <[EMAIL PROTECTED]>
> On Sun, 26 Jan 2003 01:47:11 -0500, Buck wrote:
>
> > I just followed the instructions in 'Red Hat Linux 8 For Dummies' to
> > set up a firewall.
> >
> > For some reason it doesn't work.
> >
> > The book uses an example for a modem, but I need to make it work for
> > an Ethernet. There is only one NIC in the computer and the LAN going
> > to the internet is connected to it.
> >
> > I tried it verbatim to the book and failed.
>
> Are you sure? If exactly that example is printed in the book, the
> book is crap.
>
> > One line has an error so I
> > changed it. The changed line is marked with an asterisk.
> >
> > iptables --flush
> > iptables --flush -t nat
> > iptables -A INPUT -j DROP
> > iptables -A OUTPUT -j DROP
>
> Basically, what each of the two commands above does at that position
> in the script is put a rule at the _beginning_ of a chain which
> drops all packets. It becomes clear when you use the long options:
>
> iptables --flush
> iptables --flush --table nat
> iptables --append INPUT --jump DROP
> iptables --append OUTPUT --jump DROP
>
> Both INPUT and OUTPUT chains are empty (flushed), so "--append"
> stores the next rule as the first rule in the chain. That rule tells
> the packet filter to drop everything. Any subsequent rules are not
> evaluated at all.
>
> > iptables -A OUTPUT -j ACCEPT -o lo
> > iptables -A INPUT j ACCEPT -i lo
> > * iptables -A INPUT -j ACCEPT -i lo
> > iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> > iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> >
> > When I turn off the firewall, I can access the internet, but with it
> > on, I cannot access the internet.
>
> Replace the two wrong rules with:
>
> iptables --policy INPUT DROP
> iptables --policy OUTPUT DROP
>
> That is what would make sense.
--
Psyche-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/psyche-list
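
Added example, not part of the thread: a small lint that reads an iptables script and reports every appended rule that can never match because an unconditional ACCEPT/DROP/REJECT was appended to the same chain earlier, which is the ordering problem the reply describes. The helper name `find_shadowed_rules` and both sample scripts are constructed for illustration; it only understands `-A/--append`, `-j/--jump`, `-t/--table` and `-F/--flush`.

```shell
# Constructed input: the script as posted in the thread (with the changed line).
POSTED_SCRIPT='iptables --flush
iptables --flush -t nat
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
iptables -A OUTPUT -j ACCEPT -o lo
iptables -A INPUT -j ACCEPT -i lo
iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
# Constructed input: same script with the appended DROPs turned into policies.
FIXED_SCRIPT=$(printf '%s\n' "$POSTED_SCRIPT" |
    sed 's/-A \([A-Z]*\) -j DROP$/--policy \1 DROP/')
# find_shadowed_rules (hypothetical helper): reads an iptables script on stdin
# and prints "line N: <rule>" for each appended rule that sits behind an
# unconditional ACCEPT/DROP/REJECT in the same table and chain.
find_shadowed_rules() {
    awk '
    $1 != "iptables" { next }
    {
        table = "filter"; chain = ""; fchain = ""; target = ""; flush = 0; nmatch = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-t" || $i == "--table")       { i++; table = $i }
            else if ($i == "-A" || $i == "--append") { i++; chain = $i }
            else if ($i == "-j" || $i == "--jump")   { i++; target = $i }
            else if ($i == "-F" || $i == "--flush")  {
                flush = 1; if (i < NF && $(i + 1) !~ /^-/) { i++; fchain = $i }
            } else { nmatch++ }   # any other token counts as a match condition
        }
        if (flush) {              # a flush empties chains: forget terminal rules
            for (k in blocked)
                if ((fchain == "" && index(k, table "/") == 1) || k == (table "/" fchain))
                    delete blocked[k]
            next
        }
        if (chain == "") next     # --policy and other non-append commands
        key = table "/" chain
        if (key in blocked) { print "line " NR ": " $0; next }
        if (nmatch == 0 && target ~ /^(DROP|ACCEPT|REJECT)$/) blocked[key] = NR
    }'
}
printf '%s\n' "$POSTED_SCRIPT" | find_shadowed_rules
```

On the posted script it lists the four rules that follow the appended DROPs; on the policy-based version it prints nothing.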