Old 04-04-2005, 06:15 AM   #1
sayyedanwar
LQ Newbie
 
Registered: Apr 2005
Location: India
Distribution: Fedora Core 3
Posts: 4

Rep: Reputation: 0
iptables script needed please help !!!!!


I have the following setup:
1. Linux PC with 2 network cards, one for the local network (192.168.1.10), and the other for Internet sharing (172.16.1.2, gateway 172.16.1.1 (connected to ADSL router)).
2. Linux has qmail, squirrelmail, squid, Samba, etc.
3. Windows NT (192.168.1.5) with Norton email scanner, which downloads the mail from the Internet (192.168.1.8 (Cisco router - Hughes line)), scans the mail and forwards it to Linux qmail.
4. Cisco router (192.168.1.8), to which the Hughes line is connected; it is purely used for emailing.
5. qmail sends out the mail to 192.168.1.8, i.e. the router. The Internet connection on the Linux PC is used only for Internet sharing via squid.

I have set up all the software. I need an iptables script for the above configuration. Please do it for me ASAP as I have to implement it at one of my customer's places.

Thank you.
 
Old 04-04-2005, 07:03 AM   #2
musicman_ace
Senior Member
 
Registered: May 2001
Location: Indiana
Distribution: Gentoo, Debian, RHEL, Slack
Posts: 1,555

Rep: Reputation: 46
www.iptablesrocks.org/
http://www.faqs.org/docs/iptables/
http://krnlpanic.com/tutorials/iptables.php

Those are a few of my bookmarks and should be able to get your script up if you spend a day learning it.

I'm not trying to be mean, but isn't that why your customer would hire me? Maybe somebody here has the spare time to write a company's firewall for free. I'll gladly help refine little pieces here and there, but asking us to create a custom firewall to secure your customer's network is going a little too far.
One of the rules says "Don't ask people to do your homework." This sounds much like that, only instead of school, it is for a business.
 
Old 04-04-2005, 07:24 AM   #3
sayyedanwar
LQ Newbie
 
Registered: Apr 2005
Location: India
Distribution: Fedora Core 3
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by musicman_ace
www.iptablesrocks.org/
http://www.faqs.org/docs/iptables/
http://krnlpanic.com/tutorials/iptables.php

Those are a few of my bookmarks and should be able to get your script up if you spend a day learning it.

I'm not trying to be mean, but isn't that why your customer would hire me? Maybe somebody here has the spare time to write a company's firewall for free. I'll gladly help refine little pieces here and there, but asking us to create a custom firewall to secure your customer's network is going a little too far.
One of the rules says "Don't ask people to do your homework." This sounds much like that, only instead of school, it is for a business.
Thank you for your reply musicman_ace, but I need the script urgently. If possible, please do it for me.

Thank you
 
Old 04-04-2005, 08:14 AM   #4
tangle
Senior Member
 
Registered: Apr 2002
Location: Arbovale, WV
Distribution: Slackware
Posts: 1,761

Rep: Reputation: 78
What he is trying to say is this: We are not here to do your work for you. We are nobody's slaves. If you need help with something, most on here are glad to help. Help does not mean "do it for you". Plus, if you are making money on this, it would be only right for you to pay someone to do it.
 
Old 04-04-2005, 09:22 AM   #5
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
I guess it's not explicitly stated in the rules when you sign up, so I'll refer you to a howto that one of the moderators has in his signature:
http://www.catb.org/~esr/faqs/smart-...ns.html#urgent

Basically, everyone here volunteers their time and I doubt you will find someone here who is willing to do for free all the work that you are likely being paid for.

I'm not sure how it is where you live, but in my town tech jobs are still not easy to come by, so if you would kindly provide your employer's contact information maybe someone who is capable of doing the job you were hired to do can apply for the position.
 
Old 04-04-2005, 09:26 AM   #6
sayyedanwar
LQ Newbie
 
Registered: Apr 2005
Location: India
Distribution: Fedora Core 3
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by tangle
What he is trying to say is this: We are not here to do your work for you. We are nobody's slaves. If you need help with something, most on here are glad to help. Help does not mean "do it for you". Plus, if you are making money on this, it would be only right for you to pay someone to do it.
I'm extremely sorry for this. Actually I am using the forum for the first time, and I was very frustrated by this problem. Today itself I registered with 5 to 6 forums and put the same question in similar fashion. Thank you for pointing this out to me. Also, my English is a little weak.

I tried with the script below. But it is not working.
Code:

iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F

iptables -P FORWARD REJECT
iptables -A FORWARD -s 192.168.1.0/24 -d 0/0 -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -d 192.168.1.0/24 -j REJECT
iptables -A FORWARD -s 127.0.0.1 -d 192.168.1.0/24 -j REJECT
iptables -A FORWARD -s 192.168.1.0/24 -d 127.0.0.1 -j REJECT
iptables -A FORWARD -s 127.0.0.1 -o eth1 -j REJECT
iptables -A FORWARD -i eth1 -d 127.0.0.1 -j REJECT

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d 0/0 --dport 25 -d 192.168.1.8 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j REJECT
iptables -t nat -A POSTROUTING -s 0/0 -o eth0 -j REJECT
iptables -t nat -A POSTROUTING -s 0/0 -o eth0 -j REJECT

I typed the above commands line by line. Other details are as follows:
eth0=192.168.1.10 local network
eth1=172.16.1.2 connected to DSL router
192.168.1.8=Cisco router used to send/receive mail.

eth0 and eth1 are installed in Fedora Core 3. FC3 has qmail, squirrelmail, squid, Samba etc.

On Windows NT, Norton Mail Scanner downloads the mail via the router (192.168.1.8) and forwards it to the Linux PC. qmail sends outgoing mail directly through the router.

Second NIC (172.16.1.2) is used for Internet sharing via squid.

After using the above rules squid does not start.

Help will be appreciated.


Thank you
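An added example (not the poster's script and not from anyone in this thread) of a ruleset for the topology described above: LAN on eth0 (192.168.1.0/24), DSL side on eth1, Internet access only through squid, and mail exchanged with 192.168.1.8 on the LAN segment. It assumes squid listens on TCP 3128 and that qmail, Apache (squirrelmail), SSH and Samba run on the Linux box; the port list and interface names are placeholders to adjust. By default it only prints the rules (DRY_RUN=1), so it can be reviewed before applying.

```shell
#!/bin/sh
# Added example for the topology in this thread, not the poster's or the
# forum's script. Assumptions (adjust): eth0 = LAN 192.168.1.10/24, eth1 = DSL
# side, squid on TCP 3128, qmail on 25, Apache/squirrelmail on 80, SSH, Samba.
IPTABLES="${IPTABLES:-/sbin/iptables}"
# Default is a dry run that only prints the rules; run with DRY_RUN=0 as root to apply.
if [ "${DRY_RUN:-1}" = 1 ]; then IPTABLES="echo $IPTABLES"; fi
LAN_IF=eth0; LAN_NET=192.168.1.0/24
WAN_IF=eth1

fw_rules() {
    # Start clean in every table.
    for t in filter nat mangle; do
        $IPTABLES -t "$t" -F
        $IPTABLES -t "$t" -X
    done
    # Built-in chain policies accept only ACCEPT or DROP; REJECT is a rule
    # target, which is why "-P FORWARD REJECT" in the script above fails.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT

    # Loopback plus replies to the box's own connections: without the
    # ESTABLISHED rule, squid's upstream fetches on $WAN_IF get no answers.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -m state --state INVALID -j DROP

    # Services exposed to the LAN only: proxy, SMTP (the NT scanner hands
    # mail to qmail), webmail, SSH, Samba. Nothing is opened on $WAN_IF.
    for port in 3128 25 80 22 139 445; do
        $IPTABLES -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$port" -j ACCEPT
    done
    $IPTABLES -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 137:138 -j ACCEPT
    $IPTABLES -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p icmp -j ACCEPT

    # Internet access is via squid and mail goes to 192.168.1.8 on the LAN,
    # so nothing needs routing through this box: no MASQUERADE, FORWARD stays
    # closed (ip_forward can remain 0) and only existing flows are tolerated.
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Rate-limited log of what the policy drops on the DSL side.
    $IPTABLES -A INPUT -i "$WAN_IF" -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

fw_rules
```

Running it with DRY_RUN=1 shows the full rule list; `iptables -L -v -n` after applying confirms that the counters on the LAN rules move while nothing is accepted on eth1.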
 
Old 04-04-2005, 03:50 PM   #7
homey
Senior Member
 
Registered: Oct 2003
Posts: 3,057

Rep: Reputation: 61
Here is an example script I saw on the net. This may help you a bit....
Code:
 
#!/bin/sh
#
# The location of the iptables binary file on your system.
IPTABLES="/sbin/iptables"

# The Internet interface.
EXT="eth1"

# Out with the old stuff.
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -F -t nat
$IPTABLES -X

# These will setup our policies.
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

# Use this for NAT or IP Masquerading.
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -t nat -A POSTROUTING -o $EXT -j MASQUERADE

# This rule will accept connections from local machines.
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A INPUT -s 192.168.1.0/24 -d 0/0 -p all -j ACCEPT
# Replies to connections this machine opened itself (squid's upstream
# fetches, DNS lookups) would otherwise be dropped by the INPUT policy.
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# This rule protects your forwarding rule.
$IPTABLES -A FORWARD -i $EXT -m state --state NEW,INVALID -j DROP

# Uncomment these for port forwarding. For example...
#$IPTABLES -t nat -A PREROUTING -i $EXT -p tcp --dport 25 -j DNAT --to 192.168.1.50
#$IPTABLES -t nat -A PREROUTING -i $EXT -p tcp --dport 53 -j DNAT --to 192.168.1.50
#$IPTABLES -t nat -A PREROUTING -i $EXT -p udp --dport 53 -j DNAT --to 192.168.1.50
# These two redirect a block of ports, in both udp and tcp.
#$IPTABLES -t nat -A PREROUTING -i $EXT -p tcp --dport 2300:2400 -j DNAT --to 192.168.1.50
#$IPTABLES -t nat -A PREROUTING -i $EXT -p udp --dport 2300:2400 -j DNAT --to 192.168.1.50
 
Old 04-05-2005, 02:00 AM   #8
sayyedanwar
LQ Newbie
 
Registered: Apr 2005
Location: India
Distribution: Fedora Core 3
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by homey
Here is an example script I saw on the net. This may help you a bit....
Thank you for this. I'll work on it and let you know.
 