LinuxQuestions.org
Old 11-08-2003, 12:16 PM   #1
tarheel92x
Member
 
Registered: Sep 2003
Location: Southeast USA
Distribution: CentOS
Posts: 111

Rep: Reputation: 15
iptables


I have a Linux PC I would like to use as a firewall. I have configured the router part of it:

1] enabled packet forwarding in the sysctl.conf file

2] set up NAT with the MASQUERADE option because my Internet connection is configured via DHCP

However, I set the following rules in iptables:

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

I then saved this to my /etc/sysconfig/iptables file and started iptables with /etc/init.d/iptables start.

I don't understand how I am still able to connect to the Internet from another PC behind the firewall.

---------------- ----------- ------------ ------------------
| other pc |-----------| switch |-----------| firewall |-------| DSL modem |
---------------- ----------- ------------ ------------------

my first ASCII art ... thanks in advance ...
 
Old 11-08-2003, 04:12 PM   #2
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
The default policy is for any packet that doesn't match any other rule. So you can set the default to DROP and still have internet access as long as those aren't your only rules.
 
Old 11-09-2003, 07:00 AM   #3
tarheel92x
Member
 
Registered: Sep 2003
Location: Southeast USA
Distribution: CentOS
Posts: 111

Original Poster
Rep: Reputation: 15
NAT is the only other rule I have.

here is the iptables file:

*filter
:INPUT DROP [2:120]
:FORWARD DROP [0:0]
:OUTPUT DROP [3:180]
COMMIT
# Completed on Thu Nov 6 23:09:16 2003
# Generated by iptables-save v1.2.7a on Thu Nov 6 23:09:16 2003
*nat
:PREROUTING ACCEPT [18:2025]
:POSTROUTING ACCEPT [49:3012]
:OUTPUT ACCEPT [97:6731]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT

Are you saying that *nat is the problem, since it is set to accept prerouting, postrouting and output?

Thanks
 
Old 11-09-2003, 06:52 PM   #4
kahpeetan
LQ Newbie
 
Registered: Nov 2003
Distribution: redhat
Posts: 17

Rep: Reputation: 0
Check all your iptables rules:

#iptables -nL --line-numbers

you might want to try flushing all the tables first too.
 
Old 11-09-2003, 07:28 PM   #5
joseph
Member
 
Registered: Jun 2003
Location: Batam
Distribution: Ubuntu 10 And Linux Mint
Posts: 414

Rep: Reputation: 30
I think you didn't add the flushing rules, so your iptables will still read your old conf.

Try to add these few lines above your default policy:

iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

It will flush your existing rules and replace them with your new ones.
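As an added example (not a file from this thread or from any of the posters), here is a script that builds on post #2 (the DROP policy only decides packets that match no rule) and post #5 (start from a clean table): it emits the saved file from post #3 in iptables-restore format, keeping the three DROP policies but adding the explicit rules a NAT router needs so that only LAN-initiated connections and their replies are forwarded. The LAN/WAN interface names are assumptions passed as arguments; eth1 as WAN matches the MASQUERADE rule in the thread.

```shell
#!/bin/sh
# Added example (not the thread's own file): emit an iptables-restore ruleset
# that keeps the DROP default policies from post #1 and adds the explicit
# rules a NAT router needs. Interface names are assumptions:
#   $1 = LAN interface (toward the switch), $2 = WAN interface (toward the modem).
fw_rules() {
  lan="$1"; wan="$2"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# The firewall host itself: loopback, replies to its own traffic, DHCP on WAN.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Routed traffic: only LAN-initiated connections out, and their replies back.
-A FORWARD -i $lan -o $wan -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anything unmatched falls through to the DROP policies above (post #2).
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Number of explicit rules in a ruleset read from stdin; compare this with what
# 'iptables -nL --line-numbers' (post #4) shows on the running host.
count_rules() { grep -c '^-A '; }

# Load (as root): fw_rules eth0 eth1 | iptables-restore
# iptables-restore replaces every table it loads, which covers the flush in post #5.
```

If the running host forwards traffic while `iptables -nL --line-numbers` shows FORWARD with policy DROP and no rules, the loaded ruleset is not the saved file, which is the situation the thread is debugging.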
 
Old 11-13-2003, 03:44 AM   #6
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
If all fails and you get a bit frustrated with it, there is an easier way out of it. There are some great firewall distros out there; I am using one called IPCOP.

I've been running it for about a year now and it works well. It will install and format the drive and it's pretty easy to configure. You'll be up and running in no time at all.
 
Old 11-13-2003, 03:32 PM   #7
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
There are also many firewall scripts available for you to try till you find one that fits your needs. Check out www.linuxguruz.com/iptables
 