If you place them in /etc/sysconfig/iptables,
after a reboot the rules will be in effect.
Or, if you don't want to reboot, /etc/rc.d/init.d/iptables restart
will read the new rules and activate them.

-----Original Message-----
From: Rudik Amirjanyan [mailto:[EMAIL PROTECTED] 
Sent: Sunday, August 31, 2003 1:34 PM
To: [EMAIL PROTECTED]
Subject: Re: IP tables help


Thanks for the help, but now in which file shall I put these entries, and what must
I do to keep the configuration after a server reboot?
Thanks.

----- Original Message -----
From: "Alexey Fadyushin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 31, 2003 7:29 PM
Subject: Re: IP tables help


> Did you note the last line in the INPUT chain?
> The firewall will not accept anything not listed in the first two lines
> of the INPUT chain regardless of the default policy because the
> catch-all REJECT rule in the chain will always be used instead of the
> default policy.
>
> The default ACCEPT policy is just a precaution intended to be used when
> something happens during the loading of rules. In that case the REJECT
> or DROP default policy may prevent further communication with the
> machine if the rule which allows, for example, SSH and rules that follow it
> have not been loaded due to some error.
>
> Alexey Fadyushin
> Brainbench MVP for Linux
> http://www.brainbench.com
>
> Jason Staudenmayer wrote:
> >
> > I would change that 'INPUT ACCEPT' to DROP or else the firewall really isn't
> > a firewall since it will accept anything.
> >
> > -----Original Message-----
> > From: Alexey Fadyushin [mailto:[EMAIL PROTECTED]
> > Sent: Sunday, August 31, 2003 11:42 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: IP tables help
> >
> > I think that the following configuration will help.
> > Put the following lines in /etc/sysconfig/iptables:
> >
> > *nat
> > :PREROUTING ACCEPT
> > :POSTROUTING ACCEPT
> > :OUTPUT ACCEPT
> > -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source <YOUR EXTERNAL ADDRESS HERE>
> > COMMIT
> >
> > *filter
> > :INPUT ACCEPT
> > :FORWARD ACCEPT
> > :OUTPUT ACCEPT
> > -A INPUT -i eth1 -j ACCEPT
> > -A INPUT -i eth0 -p tcp -m multiport --destination-port ssh,http,ftp,ftp-data,smtp -j ACCEPT
> > -A INPUT -j REJECT
> > -A FORWARD -i eth0 -o eth1 -d 192.168.1.0/24 -j ACCEPT
> > -A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
> > -A FORWARD -j DROP
> > COMMIT
> >
> > Alexey Fadyushin
> > Brainbench MVP for Linux
> > http://www.brainbench.com
> >
> > Rudik Amirjanyan wrote:
> > >
> > > Hello
> > > In my small office we have a local LAN 192.168.1.0 and we have put an RH9
> > > as a router, and want to masquerade the local IP addresses of the network.
> > > The server has 2 interfaces, eth0 with a global IP address, and eth1
> > > 192.168.1.1. We want to open only ssh, ftp, www, mail ports from outside,
> > > and everywhere from the local LAN.
> > > We have set up iptables, but do not know how to make it work. The question
> > > is, what entries must be in the /etc/sysconfig/iptables file for the
> > > firewall to work properly.
> > > Any help is appreciated.
> > >
> > > Thanks.
> > >
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:[EMAIL PROTECTED]
> > > https://www.redhat.com/mailman/listinfo/redhat-list
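Added example, not part of the original thread and not any poster's code: a small checker for the point debated above, namely whether unmatched packets in a chain are decided by the chain policy or by a catch-all rule placed before it is reached. It runs on the *filter table from the thread (e-mail line wraps joined) and assumes iptables-save syntax with match options written before -j; the function name effective_defaults is made up for this illustration.

```python
# Added example: which verdict does an unmatched packet get in each chain?
# Assumes iptables-save syntax with match options written before -j.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# The *filter table from the thread, with the e-mail line wraps joined.
PAGE_RULES = """\
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --destination-port ssh,http,ftp,ftp-data,smtp -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -i eth0 -o eth1 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -j DROP
COMMIT
"""

def effective_defaults(ruleset, table="filter"):
    """Map chain -> (verdict, source); source is 'policy' or 'rule N'."""
    policies, rules, current = {}, {}, None
    for line in (raw.strip() for raw in ruleset.splitlines()):
        if line.startswith("*"):
            current = line[1:]              # start of a table section
        elif line == "COMMIT":
            current = None
        elif current != table:
            continue                        # other tables, blanks, comments
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]   # ignores optional counters
            policies[chain] = policy
        elif line.startswith("-A "):
            _, chain, *args = line.split()
            rules.setdefault(chain, []).append(args)
    result = {}
    for chain, policy in policies.items():
        result[chain] = (policy, "policy")
        for n, args in enumerate(rules.get(chain, []), 1):
            # A rule with no match options begins with -j: it catches everything,
            # so later rules and the chain policy are never reached.
            if args[:1] == ["-j"] and set(args[1:2]) & TERMINAL:
                result[chain] = (args[1], f"rule {n}")
                break
    return result

if __name__ == "__main__":
    for chain, (verdict, source) in effective_defaults(PAGE_RULES).items():
        print(f"{chain}: unmatched packets get {verdict} (from {source})")
    # Without the catch-all REJECT, the ACCEPT policy decides for INPUT.
    print(effective_defaults(PAGE_RULES.replace("-A INPUT -j REJECT\n", ""))["INPUT"])
```

For the ruleset as posted, INPUT and FORWARD are decided by their third rule and only OUTPUT falls through to its ACCEPT policy.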