LinuxQuestions.org
Old 09-10-2003, 10:23 PM   #1
zer0python
Question iptables OUTPUT problem..


I have a Linux box running Slackware 9.0, and I'm using it so I can access the internet with more than one PC at a time, using IP masquerading. Anyway, to the question: it forwards everything properly, but when I ssh into it and try to access the net from there, it fails. Any idea on this? Here is the script.

-- /etc/rc.d/rc.firewall ---
#!/bin/sh

ipt=/usr/sbin/iptables
ipf="/proc/sys/net/ipv4/ip_forward"
ipd="/proc/sys/net/ipv4/ip_dynaddr"

$ipt -F
$ipt -F INPUT
$ipt -F OUTPUT
$ipt -F FORWARD
$ipt -F -t nat
$ipt -F -t mangle

$ipt -P INPUT DROP
$ipt -P OUTPUT ACCEPT
$ipt -P FORWARD ACCEPT

$ipt -X
$ipt -Z

$ipt -A INPUT -i lo -j ACCEPT
$ipt -A INPUT -i eth0 -j ACCEPT

$ipt -A INPUT -i ppp0 -p icmp --icmp-type echo-reply -j DROP
$ipt -A INPUT -i ppp0 -p tcp --tcp-flags ALL SYN,ACK -j DROP

$ipt -A INPUT -p tcp --dport 80 -j ACCEPT

$ipt -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
$ipt -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP
echo 1 > $ipf; echo 1 > $ipd;
------------------------------

Thanks in advance.
 
Old 09-11-2003, 01:17 AM   #2
mychl
iptables -A OUTPUT -o $EXTINT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $INTINT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Try something like that....
 
Old 09-12-2003, 04:13 PM   #3
zer0python
Original Poster
Thanks, but that didn't work... any other ideas?
 
Old 09-12-2003, 07:02 PM   #4
Mathieu
Quote:
but when I ssh into it, and try to access the net from there
I am not sure if I follow...

Where are you SSHing from? (LAN or internet)

If you are trying to connect from the internet to your PC, you will not be able to because the INPUT chain is dropping everything except port 80.
 
Old 10-01-2003, 06:49 PM   #5
zer0python
Original Poster
Sorry, haven't been on in a while... been a bit busy. Anyway, I am accessing it through my LAN, from my other Linux box.
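
An added example, not part of any post in this thread: a small shell model of first-match evaluation over the INPUT chain from post #1, showing which packets addressed to the gateway itself are dropped, while forwarded LAN traffic traverses FORWARD rather than INPUT and is unaffected. The ESTABLISHED,RELATED rule used in the `stateful` mode, the port numbers and the sample packets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: first-match model of the INPUT chain posted in #1.
# It does not call iptables; the packets below are constructed samples.

# input_verdict MODE IFACE PROTO DPORT FLAGS STATE
#   MODE=original: the rules exactly as posted
#   MODE=stateful: the same rules preceded by the assumed extra rule
#     $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
input_verdict() {
    mode=$1 iface=$2 proto=$3 dport=$4 flags=$5 state=$6
    if [ "$mode" = stateful ]; then
        case $state in
            ESTABLISHED|RELATED) echo "ACCEPT (state rule)"; return ;;
        esac
    fi
    case $iface in          # -A INPUT -i lo / -i eth0 -j ACCEPT
        lo|eth0) echo "ACCEPT (-i $iface)"; return ;;
    esac
    if [ "$iface" = ppp0 ] && [ "$proto" = icmp ] && [ "$flags" = echo-reply ]; then
        echo "DROP (echo-reply rule)"; return
    fi
    if [ "$iface" = ppp0 ] && [ "$proto" = tcp ] && [ "$flags" = SYN,ACK ]; then
        echo "DROP (SYN,ACK rule)"; return
    fi
    if [ "$proto" = tcp ] && [ "$dport" = 80 ]; then
        echo "ACCEPT (dport 80)"; return
    fi
    echo "DROP (policy)"    # -P INPUT DROP
}

# Constructed packets arriving at the gateway itself (INPUT, not FORWARD).
# Columns: iface proto dport flags conntrack-state description
while read -r iface proto dport flags state desc; do
    printf '%-36s original=%-22s stateful=%s\n' "$desc" \
        "$(input_verdict original "$iface" "$proto" "$dport" "$flags" "$state")" \
        "$(input_verdict stateful "$iface" "$proto" "$dport" "$flags" "$state")"
done <<'EOF'
ppp0 tcp  32768 SYN,ACK    ESTABLISHED reply to the box's own HTTP connect
ppp0 udp  32769 -          ESTABLISHED reply to the box's own DNS query
ppp0 icmp -     echo-reply ESTABLISHED reply to the box's own ping
ppp0 tcp  22    SYN        NEW         unsolicited SSH from the internet
eth0 tcp  22    SYN        NEW         SSH from the LAN
EOF
```

In the model, replies to connections opened on the gateway itself are dropped under the posted rules, while the state rule accepts them and still leaves unsolicited inbound traffic on ppp0 to the DROP policy.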
 
  

