Old 08-14-2002, 08:50 PM   #1
rob_roman23
Member
 
Registered: May 2002
Location: Hoboken NJ
Distribution: Red Hat 7.1,7.3,8.0
Posts: 58

Rep: Reputation: 15
DHCP Iptables


I am having the darndest time getting rid of these damn things in my logs, can someone please help!!!

Aug 14 21:48:17 Anekin kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:60:1d:f7:a0:52:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=24992 DF PROTO=UDP SPT=68 DPT=67 LEN=308


External Interface: eth1
Internal Interface: eth0
---
---
Internal Network: 10.10.10.0/24
Internal IP: 10.10.10.254/24


I have tried everything in my firewall config... Someone please
 
Old 08-14-2002, 09:06 PM   #2
rob_roman23
Member
 
Registered: May 2002
Location: Hoboken NJ
Distribution: Red Hat 7.1,7.3,8.0
Posts: 58

Original Poster
Rep: Reputation: 15
Here is my rc.firewall


#!/bin/sh
#
# rc.firewall-2.4-stronger
FWVER=0.73s

echo -e "\nLoading STRONGER rc.firewall - version $FWVER..\n"


IPTABLES=/sbin/iptables
#IPTABLES=/usr/local/sbin/iptables
#
LSMOD=/sbin/lsmod
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod
GREP=/bin/grep
AWK=/bin/awk
SED=/bin/sed
IFCONFIG=/sbin/ifconfig


EXTIF="eth1"
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
echo " ---"

EXTIP="`$IFCONFIG $EXTIF | $GREP 'inet addr' | $AWK '{print $2}' | \
$SED -e 's/.*://'`"

echo " External IP: $EXTIP"
echo " ---"


# Assign the internal TCP/IP network and IP address
INTNET="10.10.10.0/24"
INTIP="10.10.10.254/24"
echo " Internal Network: $INTNET"
echo " Internal IP: $INTIP"
echo " ---"




# Setting a few other local variables
#
UNIVERSE="0.0.0.0/0"

echo " - Verifying that all kernel modules are ok"
$DEPMOD -a

echo -en " Loading kernel modules: "


echo -en "ip_tables, "
if [ -z "`$LSMOD | $GREP ip_tables | $AWK '{print $1}'`" ]; then
    $INSMOD ip_tables
fi

echo -en "ip_conntrack, "
if [ -z "`$LSMOD | $GREP ip_conntrack | $AWK '{print $1}'`" ]; then
    $INSMOD ip_conntrack
fi

echo -en "ip_conntrack_ftp, "
if [ -z "`$LSMOD | $GREP ip_conntrack_ftp | $AWK '{print $1}'`" ]; then
    $INSMOD ip_conntrack_ftp
fi

echo -en "ip_conntrack_irc, "
if [ -z "`$LSMOD | $GREP ip_conntrack_irc | $AWK '{print $1}'`" ]; then
    $INSMOD ip_conntrack_irc
fi

echo -en "iptable_nat, "
if [ -z "`$LSMOD | $GREP iptable_nat | $AWK '{print $1}'`" ]; then
    $INSMOD iptable_nat
fi

echo -e "ip_nat_ftp"
if [ -z "`$LSMOD | $GREP ip_nat_ftp | $AWK '{print $1}'`" ]; then
    $INSMOD ip_nat_ftp
fi

echo " ---"

echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo " ---"

echo " Clearing any existing rules and setting default policy to DROP.."
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -F -t nat

if [ -n "`$IPTABLES -L | $GREP drop-and-log-it`" ]; then
$IPTABLES -F drop-and-log-it
fi
$IPTABLES -X
$IPTABLES -Z
echo " Creating a DROP chain.."
$IPTABLES -N drop-and-log-it
$IPTABLES -A drop-and-log-it -j LOG --log-level info
$IPTABLES -A drop-and-log-it -j DROP

echo -e "\n - Loading INPUT rulesets"


$IPTABLES -A INPUT -i lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
$IPTABLES -A INPUT -i $INTIF -s $INTNET -d $UNIVERSE -j ACCEPT
$IPTABLES -A INPUT -i $EXTIF -s $INTNET -d $UNIVERSE -j drop-and-log-it
$IPTABLES -A INPUT -i $EXTIF -s $UNIVERSE -d $EXTIP -m state --state ESTABLISHED,RELATED -j ACCEPT

#***********************************************************************
$IPTABLES -A INPUT -i $EXTIF -p tcp --sport 1024:65535 --dport 25 -j ACCEPT
echo -e " - Allowing EXTERNAL access to DHCP ports 67 to 68 - INPUT"
$IPTABLES -A INPUT -i $EXTIF -p udp --sport 67 --dport 68 -j ACCEPT
echo -e " - Allowing EXTERNAL access to DHCP ports 68 to 67 - OUTPUT"
$IPTABLES -A OUTPUT -o $EXTIF -p udp --sport 68 --dport 67 -j ACCEPT
echo -e " - Allowing INTERNAL access to DHCP ports 67 to 68 - INPUT"
$IPTABLES -A INPUT -i $INTIF -p udp --sport 67 --dport 68 -j ACCEPT
echo -e " - Allowing INTERNAL access to DHCP ports 68 to 67 - OUTPUT"
$IPTABLES -A OUTPUT -o $INTIF -p udp --sport 68 --dport 67 -j ACCEPT
#**********************************************************************

echo -e " - Allowing EXTERNAL access to the WWW server - 8080"
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -p tcp -s $UNIVERSE -d $EXTIP --dport 8080 -j ACCEPT



$IPTABLES -A INPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it


echo -e " - Loading OUTPUT rulesets"
$IPTABLES -A OUTPUT -o lo -s $UNIVERSE -d $UNIVERSE -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF -s $EXTIP -d $INTNET -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF -s $INTIP -d $INTNET -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -s $UNIVERSE -d $INTNET -j drop-and-log-it
$IPTABLES -A OUTPUT -o $EXTIF -s $EXTIP -d $UNIVERSE -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF -p tcp -s $INTIP --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT
$IPTABLES -A OUTPUT -o $INTIF -p udp -s $INTIP --sport 67 -d 255.255.255.255 --dport 68 -j ACCEPT

$IPTABLES -A OUTPUT -s $UNIVERSE -d $UNIVERSE -j drop-and-log-it
echo -e " - Loading FORWARD rulesets"
echo " - FWD: Allow all connections OUT and only existing/related IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j drop-and-log-it
echo " - NAT: Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
echo -e "\nDone.\n"
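The logged packet is a DHCP request from a client on the internal interface: source 0.0.0.0, destination 255.255.255.255, UDP source port 68, destination port 67. Walking the INPUT chain of the script above in order shows why it is logged: the "-i eth0 -s 10.10.10.0/24" rule cannot match a 0.0.0.0 source, and the only DHCP rule on eth0 accepts source port 67 to destination port 68 (the server-to-client direction), so the packet falls through to the drop-and-log-it catch-all. The following is an added example, not code from the thread or from the rc.firewall script: a small Python model of the INPUT chain that parses the quoted LOG line and reports which rule disposes of it, first with the chain as posted and then with a client-to-server DHCP rule (source port 68, destination port 67) added on eth0. The matcher is an assumption-level simplification of iptables (only -i, -p, -s, --sport and --dport are modelled, and the ESTABLISHED,RELATED rule is omitted because a DHCP discover starts a new flow); the interface names and network are taken from the script.

```python
import ipaddress
import re

# The kernel LOG line quoted in the first post, joined onto one line.
LOG_LINE = (
    "Aug 14 21:48:17 Anekin kernel: IN=eth0 OUT= "
    "MAC=ff:ff:ff:ff:ff:ff:00:60:1d:f7:a0:52:08:00 "
    "SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 "
    "ID=24992 DF PROTO=UDP SPT=68 DPT=67 LEN=308"
)

# Interface names and internal network exactly as set in the posted script.
INTIF, EXTIF = "eth0", "eth1"
INTNET = "10.10.10.0/24"


def parse_log(line):
    """Extract the KEY=VALUE fields of an iptables LOG entry into a packet dict."""
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    return {
        "in": fields.get("IN", ""),
        "proto": fields.get("PROTO", "").lower(),
        "src": ipaddress.ip_address(fields["SRC"]),
        "dst": ipaddress.ip_address(fields["DST"]),
        "sport": int(fields.get("SPT", 0)),
        "dport": int(fields.get("DPT", 0)),
    }


def _port_ok(spec, port):
    """A port spec is an exact port or a (low, high) range such as --sport 1024:65535."""
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return spec == port


def rule_matches(rule, pkt):
    """Simplified iptables match (assumption: only -i, -p, -s, --sport, --dport).
    A key absent from the rule is a wildcard, as in iptables."""
    if "in" in rule and rule["in"] != pkt["in"]:
        return False
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "src" in rule and pkt["src"] not in ipaddress.ip_network(rule["src"]):
        return False
    if "sport" in rule and not _port_ok(rule["sport"], pkt["sport"]):
        return False
    if "dport" in rule and not _port_ok(rule["dport"], pkt["dport"]):
        return False
    return True


def walk_chain(chain, pkt, policy="DROP"):
    """First matching rule wins; otherwise fall through to the chain policy (-P INPUT DROP)."""
    for rule in chain:
        if rule_matches(rule, pkt):
            return rule["target"]
    return policy


# The INPUT chain in the order the posted script builds it. The ESTABLISHED,RELATED
# rule is left out: a DHCPDISCOVER opens a new flow and cannot match it.
ORIGINAL_INPUT = [
    {"in": "lo", "target": "ACCEPT"},
    {"in": INTIF, "src": INTNET, "target": "ACCEPT"},           # 0.0.0.0 is not in INTNET
    {"in": EXTIF, "src": INTNET, "target": "drop-and-log-it"},
    {"in": EXTIF, "proto": "tcp", "sport": (1024, 65535), "dport": 25, "target": "ACCEPT"},
    {"in": EXTIF, "proto": "udp", "sport": 67, "dport": 68, "target": "ACCEPT"},
    {"in": INTIF, "proto": "udp", "sport": 67, "dport": 68, "target": "ACCEPT"},  # server->client only
    {"in": EXTIF, "proto": "tcp", "dport": 8080, "target": "ACCEPT"},
    {"target": "drop-and-log-it"},                                # this is what wrote the log line
]

# The rule a DHCP server listening on eth0 needs: client->server, sport 68, dport 67.
DHCP_CLIENT_TO_SERVER = {"in": INTIF, "proto": "udp", "sport": 68, "dport": 67, "target": "ACCEPT"}
CORRECTED_INPUT = ORIGINAL_INPUT[:-1] + [DHCP_CLIENT_TO_SERVER] + ORIGINAL_INPUT[-1:]


def disposition(chain, line):
    """Return the target that handles the packet described by an iptables LOG line."""
    return walk_chain(chain, parse_log(line))


def corrected_rule():
    """The iptables command equivalent to DHCP_CLIENT_TO_SERVER (placed before the catch-all)."""
    return f"iptables -A INPUT -i {INTIF} -p udp --sport 68 --dport 67 -j ACCEPT"


if __name__ == "__main__":
    print("original chain :", disposition(ORIGINAL_INPUT, LOG_LINE))   # drop-and-log-it
    print("corrected chain:", disposition(CORRECTED_INPUT, LOG_LINE))  # ACCEPT
    print(corrected_rule())
```

The reply direction (server source port 67 to the 255.255.255.255 broadcast on port 68) is already covered by the OUTPUT rule on $INTIF near the end of the script, so the INPUT side is the only gap the model exposes; the added rule must sit before the final drop-and-log-it rule, since iptables stops at the first match.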
 
Old 09-05-2002, 11:52 AM   #3
rob_roman23
Member
 
Registered: May 2002
Location: Hoboken NJ
Distribution: Red Hat 7.1,7.3,8.0
Posts: 58

Original Poster
Rep: Reputation: 15
Got it working thanks
 