On Saturday, November 16, 2002, at 10:26 AM, Jason Staudenmayer wrote:
> Ok here's what I have (the long version).

Here's a very simple configuration that works. This assumes eth0 is outside, eth1 is inside. You should limit the services that are permitted to be forwarded from the ppp+ interfaces.

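#!/bin/sh
IPTABLES="/sbin/iptables"
# Flush existing rules (filter, mangle, nat) and delete user-defined filter chains
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X
# Default policies: drop inbound and forwarded traffic, allow outbound
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
# Accept packets that belong to established or related connections
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Trust the inside interface and loopback
$IPTABLES -A INPUT -i eth1 -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT
# PPTP from outside: control channel (TCP 1723) and GRE (IP protocol 47)
$IPTABLES -A INPUT -p tcp -m state -i eth0 --state NEW --dport 1723 -j ACCEPT
$IPTABLES -A INPUT -p 47 -i eth0 -j ACCEPT
# Forward new connections from the inside network and from VPN (ppp+) clients
$IPTABLES -A FORWARD -m state -i eth1 --state NEW -j ACCEPT
$IPTABLES -A FORWARD -m state -i ppp+ --state NEW -j ACCEPT
# Masquerade everything leaving through the outside interface
$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE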
--
Jason Costomiris <><
E: jcostom {at} jasons {dot} org / W: http://www.jasons.org/
Quidquid latine dictum sit, altum viditur.
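
The advice above to limit what is forwarded from the ppp+ interfaces, shown as an added example that is not part of the original message: one rule per permitted service takes the place of the catch-all `-i ppp+ --state NEW -j ACCEPT` rule. The allow-list addresses and ports, the function name and the log prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): per-service FORWARD rules for
# PPTP clients, intended to replace the catch-all rule
#   $IPTABLES -A FORWARD -m state -i ppp+ --state NEW -j ACCEPT
# The script only prints the rules; review them, then pipe the output to sh.
IPTABLES="/sbin/iptables"
LAN_IF="eth1"   # inside interface, as in the post

# Constructed allow-list (assumed values): proto:destination:port
PPP_SERVICES="tcp:192.168.1.10:22 tcp:192.168.1.20:445 udp:192.168.1.1:53"

# ppp_forward_rules "<list>": validate every entry, then print one ACCEPT rule
# per service. Nothing is printed if any entry is malformed, so a typo cannot
# leave a half-applied rule set.
ppp_forward_rules() {
    out=""
    for svc in $1; do
        proto=${svc%%:*}; rest=${svc#*:}
        host=${rest%%:*}; port=${rest#*:}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$svc'" >&2; return 1 ;;
        esac
        case "$host" in
            ''|*[!0-9./]*) echo "bad destination in '$svc'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port in '$svc'" >&2; return 1 ;;
        esac
        out="${out}$IPTABLES -A FORWARD -i ppp+ -o $LAN_IF -p $proto -d $host --dport $port -m state --state NEW -j ACCEPT
"
    done
    # Everything else from VPN clients falls through to the FORWARD DROP
    # policy; log it (rate-limited) so rejected attempts are visible.
    out="${out}$IPTABLES -A FORWARD -i ppp+ -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix \"ppp-fwd-drop: \"
"
    printf '%s' "$out"
}

# Dry run: show the rules that would be added.
ppp_forward_rules "$PPP_SERVICES"
```

Because each rule is bound to `-o eth1`, VPN clients reach only the listed inside hosts; Internet access through the tunnel would need its own explicit rule.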