I'm using squid for a SOHO running on Debian etch. It worked fine for a couple of weeks before I tried to block all ports except for the ones we will need in iptables.
The thing is, I edited the rc.local script to enter the new rules I found online using my Windows workstation.
When I restarted the script by ./rc.local, it gave me the error -bash: ./rc.local: Bad interpreter bin/sTh and then my box stopped giving clients on the network connection to the internet.
I then tried to put back my original configuration in rc.local, which is:
/sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
but then again, same errors. It seemed that the rules were no longer executable because they were no longer color coded.
If you don't mind me asking one more thing though. This is actually the very reason why my proxy got screwed in the first place.
How do I block all ports from the server and only allow the common ports we need, like 80, 8080, 25, 110, 143, 993, 22, 1863, so that all else is blocked?
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
...
<same as above changing the port number you want to allow>
...
iptables -A INPUT -i eth0 -p tcp --dport 0:65535 -j DROP
I know this sounds a bit dumb, but do I have to lose these lines?
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
These rules are for NAT and port forwarding, so it's up to you to see if you need them.
Mind that you don't have to put any iptables rules in rc.local. You can create an rc.firewall file (just make sure it's executable) and write your rules there. Slackware by default looks for this file on boot and, if it finds it, executes it.
There is also a nice script named quicktables you can use to create the rc.firewall file.
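Putting the two replies together, here is an added example script (not from the thread or either poster) that generates the rule set: the NAT lines from rc.local kept as they were, the listed TCP ports allowed, and all other inbound TCP on the internet side dropped. It assumes the layout described in the thread (eth0 facing the internet, eth1 the LAN, Squid on 8080) and adds the state rule that must sit before the catch-all DROP, otherwise replies to Squid's own outbound connections are dropped too; the CR check is an assumption about why the Windows-edited rc.local failed.

```sh
#!/bin/sh
# Added example: build an iptables rule set for the Squid proxy box.
# Assumed layout (as in the thread): eth0 = internet, eth1 = LAN, Squid on 8080.

WAN=eth0
LAN=eth1
SQUID_PORT=8080
ALLOWED_TCP="80 8080 25 110 143 993 22 1863"

# True if the file carries Windows CR line endings, which makes the kernel
# look for an interpreter named "/bin/sh<CR>" and fail with "bad interpreter".
has_crlf() {
    grep -q "$(printf '\r')" "$1"
}

# Print the rules rather than applying them, so they can be reviewed first.
build_rules() {
    echo "iptables -F"
    echo "iptables -t nat -F"
    # Loopback and replies to connections the box opened itself must be
    # accepted before the catch-all DROP, or Squid's own fetches get no replies.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $ALLOWED_TCP; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    # Same effect as the thread's "--dport 0:65535 -j DROP" rule.
    echo "iptables -A INPUT -i $WAN -p tcp -j DROP"
    # The NAT lines rc.local already had; they are unaffected by the filter rules.
    echo "iptables -t nat -A PREROUTING -i $LAN -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT"
    echo "iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Number of ACCEPT rules generated (sanity check against the port list).
count_accept_rules() {
    build_rules | grep -c -- '-j ACCEPT'
}

case "${1:-show}" in
    show)  build_rules ;;                                      # review first
    apply) build_rules | sh ;;                                 # run as root
    check) has_crlf "$2" && echo "$2 has CR line endings" ;;   # e.g. check /etc/rc.local
esac
```

Run it with `check /etc/rc.local` before trusting any script edited on a Windows box, then `show` to review and `apply` as root to load the rules.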