Old 08-04-2003, 08:16 AM   #1
seidren
Help!!! Setting up a firewall using IPTables


I have been trying to set up a firewall using IPTables but have had no success so far. Here is the layout of the network I am trying to make.

There are two networks.
The first one has IP addresses 10.45.2.1-255 (External LAN)
The second one has IP addresses 10.1.0.1-255 (Internal LAN)

A machine on the Internal Lan is the mail server (10.1.0.1)

I have a computer with 2 ethernet cards

Currently all the computers access the mail server directly with the IP address 10.1.0.1.

What I want to do is to restrict the computers in the External Lan from using the mail server directly. They will access the mail server with a fake IP address 10.45.2.100.

For this I have set up the firewall/router computer with the 2 ethernet cards like this:

eth0 - IP address = 10.45.2.1 (Facing External LAN)
eth1 - IP address = 10.1.0.240 (Facing Internal LAN)

and I have set up rules so that incoming packets on the eth0 side with a destination address of the fake mail server (10.45.2.100) will be redirected to the actual destination (10.1.0.1), like this:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 10.45.2.100 -j DNAT --to-destination 10.1.0.1

I have also set up rules so that replies from the mail server to the external LAN will have their source address changed from 10.1.0.1 to 10.45.2.100:

iptables -t nat -A POSTROUTING -p tcp -o eth0 -s 10.1.0.1 -j SNAT --to-source 10.45.2.100

I also want to block the external LAN from accessing the internal LAN, so I have done this:

iptables -A FORWARD -p tcp -i eth0 -d 10.1.0.0/24 -j REJECT


This setup didn't work. So I took off the last rule (the rejecting one) and tried again.

When I pinged from one of the external LAN machines (10.45.2.2), I was able to ping 10.1.0.1 but not 10.45.2.100.
When I did a traceroute from the external machine to 10.1.0.1, I got only two IPs: one was 10.45.2.1 and the other was 10.1.0.1. I was expecting 10.1.0.240 in between the two.

I really don't know what is happening here, and I need your help. PLEASE!!!

If you need further clarification please let me know. I'll try my best to be clear.
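A complete ruleset for the layout described in this post, added here as an example (it is not the poster's rules or anything from the replies). It gives the firewall the published address so it answers ARP for 10.45.2.100, translates all protocols so a ping to that address is forwarded, and filters forwarded traffic in FORWARD rather than INPUT; the mail ports 25/110/143, the IPT=echo dry-run switch and the mail server routing 10.45.2.0/24 back via 10.1.0.240 are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's rules. Addresses and interface names come from
# the post; mail ports 25/110/143 and the IPT=echo dry-run switch are assumptions.
IPT="${IPT:-iptables}"
EXT_IF=eth0            # faces the external LAN (10.45.2.1)
INT_IF=eth1            # faces the internal LAN (10.1.0.240)
INT_NET=10.1.0.0/24
MAIL_REAL=10.1.0.1     # the mail server; it must route 10.45.2.0/24 via 10.1.0.240
MAIL_FAKE=10.45.2.100  # the published address external hosts use

configure_firewall() {
  if [ "$IPT" = iptables ]; then
    # The firewall must own the published address: otherwise nothing answers
    # ARP for 10.45.2.100 on the external LAN and the DNAT rule is never reached.
    ip addr add "$MAIL_FAKE/32" dev "$EXT_IF" 2>/dev/null || true
    echo 1 > /proc/sys/net/ipv4/ip_forward
  fi
  $IPT -F FORWARD
  $IPT -t nat -F
  $IPT -P FORWARD DROP

  # Rewrite the destination before routing. Without -p tcp, ICMP is translated
  # too, so a ping to 10.45.2.100 reaches the server instead of going unanswered.
  $IPT -t nat -A PREROUTING -i "$EXT_IF" -d "$MAIL_FAKE" \
       -j DNAT --to-destination "$MAIL_REAL"
  # Replies are un-translated by connection tracking, so no SNAT rule is needed
  # (and POSTROUTING rules may match -o but never -i).

  # Forwarded traffic is filtered in FORWARD; INPUT only sees packets addressed
  # to the firewall itself. Allow new mail connections to the server only ...
  $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$MAIL_REAL" -p tcp \
       -m multiport --dports 25,110,143 -m conntrack --ctstate NEW -j ACCEPT
  # ... replies belonging to connections already accepted from either side ...
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # ... and anything the internal LAN opens toward the outside.
  $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -j ACCEPT
  # Everything else from the external LAN into the internal LAN is refused.
  $IPT -A FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$INT_NET" -j REJECT
}

# Dry run: IPT=echo sh firewall.sh prints the rules instead of loading them.
if [ "$IPT" = echo ]; then
  configure_firewall
fi
```

With the default ruleset above the external LAN can reach only the mail ports on the published address, and the firewall's traceroute behaviour no longer matters because forwarded packets to 10.1.0.0/24 are refused.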
 
Old 08-04-2003, 04:07 PM   #2
mindnumbed
You'd be better off using a firewall config tool, such as Shorewall. That makes it very simple to do things like that.
 
Old 08-20-2003, 02:27 PM   #3
Iturbide
See if a firewall script from http://easyfwgen.morizot.net/ will do the trick. Usually works for me.
 
  

