iptables problem
Does anyone know why, after I've run my firewall script, I can no longer access anything through my external interface (eth0) on that machine... Everything else works fine. Connection sharing works fine, I'm able to connect to the internet on my other machines that use it as a gateway...
Here's my script.

#!/bin/bash
#
IFACE_EXT="eth0"
IFACE_INT="eth1"
# Clear any previous iptables rules
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo "All Tables and Rules Cleared..."
# Default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
echo "Default Chain Policies Set..."
# Accept ssh connections on external interface
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
echo "Incoming SSH Connections Accepted..."
# Drop unwelcome connects
iptables -A INPUT -p tcp --syn -j DROP
# IP Masquerading
iptables -A FORWARD -i $IFACE_EXT -o $IFACE_INT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $IFACE_INT -o $IFACE_EXT -j ACCEPT
iptables -A FORWARD -i $IFACE_INT -j ACCEPT
iptables -t nat -A POSTROUTING -o $IFACE_EXT -j MASQUERADE
echo "IP Masquerading Running..."
# Port forwarding
iptables -A FORWARD -p tcp -i $IFACE_EXT -j ACCEPT
echo "Port Forwarding Enabled..."
# Enable packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Packet Forwarding Enabled..."
if I understand you correctly
Hey,
If I understand you correctly, you can't see anything from your gateway itself, like you've ssh'd into it and can't ping anything from eth0? Your problem likely lies in this line:

iptables -A INPUT -p tcp --syn -j DROP

Try removing that line and see if it makes a difference.
-Kilka
That's exactly what the problem was, thank you for your help.
You're welcome.
-kilka
Based on the above script, how would I open port 80 or other services on the router itself... I'd like to be able to see my pages being served up using apache, but it seems I'm missing something and I can't view anything when trying to browse. The server is up... ssh seems to work... I tried using the same syntax used to open ssh but only on port 80, but still not working... any ideas.... Also, is there anything I could add to my script to help harden it... right now it's pretty basic... I'd like to block all that bad stuff out there... any help as always is greatly appreciated..
So you've got this:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

but still can't see anything through the router? I would guess it's some setting in the router that you've got to change. Remember that dropping all other connections should always be the last thing you do.
-Kilka
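A reworked version of the script from this thread, added here as an example (it is not the poster's or Kilka's code): it accepts loopback and established traffic on INPUT before any DROP rule, opens 22 and 80 on the gateway itself, and keeps the masquerading rules. The IPT variable and the apply/show arguments are assumed conventions so the rule order can be previewed without root.

```shell
#!/bin/bash
# Added example, not the original poster's script. IPT defaults to the real
# iptables binary; "show" (assumed convention) prints the rules instead of
# applying them, so the ordering can be checked without root.
IPT="${IPT:-iptables}"
IFACE_EXT="eth0"
IFACE_INT="eth1"

apply_rules() {
    # Clear any previous rules and chains
    $IPT --flush
    $IPT --table nat --flush
    $IPT --delete-chain
    $IPT --table nat --delete-chain

    # Default policies: nothing in or through the box unless allowed below
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # These two must come before any DROP rule: without them the gateway's
    # own outgoing connections (from eth0) never get their replies back
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Services the gateway itself offers: ssh and apache
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT

    # Trust the LAN side; drop everything else arriving on the outside.
    # Dropping "all other connections" is the last INPUT rule, as Kilka says.
    $IPT -A INPUT -i "$IFACE_INT" -j ACCEPT
    $IPT -A INPUT -i "$IFACE_EXT" -j DROP

    # Masquerading: LAN out to the Internet, only replies back in. A DNAT port
    # forward needs its own explicit rule, not a blanket accept of tcp from eth0.
    $IPT -A FORWARD -i "$IFACE_INT" -o "$IFACE_EXT" -j ACCEPT
    $IPT -A FORWARD -i "$IFACE_EXT" -o "$IFACE_INT" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$IFACE_EXT" -j MASQUERADE

    # Enable packet forwarding, only when really applying rules as root
    if [ "$IPT" = "iptables" ] && [ -w /proc/sys/net/ipv4/ip_forward ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

case "${1:-}" in
    apply) apply_rules ;;           # as root: install the rules
    show)  IPT=echo apply_rules ;;  # preview the iptables commands
esac
```

Run it as `./firewall.sh show` first and check that the two ACCEPT rules for lo and ESTABLISHED,RELATED appear before the eth0 DROP; then `./firewall.sh apply` as root.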
Ya, I'm still figuring all this iptables stuff out... so it's a trial by error type thing for me... I have a suspicion that it's to do with apache... I just found out that even though it was installed with apt-get, its process is not running when checked with ps -A. So I've downloaded the source and I'm compiling apache myself, we'll see if this works now...