howdy.. yea I think I may have been a little vague.
I have a static IP when I dialup and this is OK, lets say XXX.XXX.XXX.143
I also have XXX.XXX.XXX.145 - .150
.144 - network
.151 - broadcast
Now I have my local network going fine, 10.25.49.1/24, but I want to put them on net IPs.. I'm not sure how to do this because I have always just used it with NAT.
My firewall I wrote is along the lines of
Code:
#!/bin/sh
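iptables=/sbin/iptables
modprobe=/sbin/modprobe

# Validate the requested action before any rule is touched. Everything below
# this point runs on every invocation, so without this guard a mistyped or
# missing argument would flush the filter table (removing the INPUT rules that
# protect ppp0) and only afterwards reach the usage message.
case "$1" in
  start|restart|reload|stop|kill|drop|paranoid|insane)
    ;;
  *)
    echo "Usage: /etc/init.d/firewall (start|stop|reload|restart|paranoid)"
    exit 1
    ;;
esac

# Flushing tables..
# -F empties the chains of the filter and nat tables; it does not change chain
# policies. Between this flush and the point where the INPUT rules are appended
# again, ppp0 is filtered only by whatever the INPUT policy currently is.
$iptables -F
$iptables -t nat -F

# MASQ rules for gateway
# Turning on ip_forward makes this host route between its interfaces. Nothing
# in this script adds FORWARD rules or sets a FORWARD policy, so forwarded
# traffic is restricted only by a policy configured elsewhere.
# NOTE(review): confirm that such a policy exists.
echo "1" > /proc/sys/net/ipv4/ip_forward
# Only packets sourced from 10.25.49.0/24 and leaving through ppp0 are
# masqueraded. A LAN host numbered outside that range does not match this rule
# and is forwarded with its own source address.
$iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE -s 10.25.49.0/24

# Loading modules
# Connection-tracking and NAT helpers for IRC and FTP. The helpers mark the
# secondary connections these protocols negotiate as RELATED, which the
# ESTABLISHED,RELATED rule in the "start" action then accepts.
$modprobe ip_conntrack_irc
$modprobe ip_nat_irc
$modprobe ip_conntrack_ftp
$modprobe ip_nat_ftp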
# Functions
# Hook for FTP-specific rules. The "start" action calls it with "permit" while
# the INPUT rules are being appended and with "forward" after the DNAT rule.
# Both branches are still empty, so the call adds no rule and returns success
# whatever argument it is given.
ftpports () {
  if [ "$1" = "permit" ]; then
    :
  elif [ "$1" = "forward" ]; then
    :
  fi
}
# Action dispatch. By the time this runs the filter and nat tables have been
# flushed and the MASQUERADE rule re-added, so every arm starts from an empty
# INPUT chain. Rules are appended in order and the first match wins.
case "$1" in
  start|restart|reload)
    # PERMIT SELECTED PORTS
    # ssh (22), http (80) and ident (113) arriving on ppp0. The PREROUTING DNAT
    # rule further down rewrites every TCP packet to port 113 before the
    # routing decision, so that traffic is expected to traverse FORWARD towards
    # 10.25.49.195 and not reach the port-113 ACCEPT appended here.
    for port in 22 80 113; do
      "$iptables" -A INPUT -i ppp0 -p tcp --dport "$port" -j ACCEPT
    done
    ftpports permit

    # ALLOW INCOMING BASED ON EXISTING
    # New connections are accepted from every interface except ppp0; packets
    # of established or related connections are accepted on all interfaces.
    # (Recent iptables releases prefer the spelling "! -i ppp0".)
    "$iptables" -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
    "$iptables" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # BLOCK REMAINING
    # Applies to ppp0 only; the INPUT policy itself is never set by this script.
    "$iptables" -A INPUT -i ppp0 -p all -j DROP

    # ETHERNET PORT FORWARDING
    # The rule has no -i match, so it also rewrites port-113 connections that
    # LAN hosts open to outside addresses.
    # NOTE(review): add "-i ppp0" if only inbound traffic should be redirected.
    "$iptables" -t nat -A PREROUTING -p tcp --dport 113 -j DNAT --to 10.25.49.195:113
    ftpports forward

    echo "Firewall rules loaded successfully!"
    ;;

  stop|kill|drop)
    # No command in this arm removes anything: the flush at the top of the
    # script already emptied the chains, after which MASQUERADE was re-added
    # and ip_forward set to 1. "stop" therefore leaves the host routing and
    # NATing with an empty INPUT chain.
    echo "Firewall rules unloaded successfully!"
    ;;

  paranoid|insane)
    # ALLOW INCOMING SSH
    "$iptables" -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT

    # BLOCK REMAINING
    # There is no ESTABLISHED,RELATED rule in this mode, so replies arriving
    # on ppp0 for connections opened by this host are dropped as well.
    # Forwarded LAN traffic does not pass through INPUT and is unaffected.
    "$iptables" -A INPUT -i ppp0 -p all -j DROP

    echo "Firewall rules loaded successfully! Only allowing SSH connections."
    ;;

  *)
    echo "Usage: /etc/init.d/firewall (start|stop|reload|restart|paranoid)"
    exit 1
    ;;
esac

exit 0
I haven't adjusted this since getting the static IPs. I was told by a friend to set up eth0 on that static IP, and then eth0:0 as the local network IP.
Any tips or ideas, please let me know