LinuxQuestions.org
Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
#1  hvipen (LQ Newbie, registered Nov 2010), 11-05-2010, 08:25 AM
Ubuntu - multiple interfaces - firewall


Hi!
I have a kind of different network configuration.
The problem is having a firewall (Ubuntu)!
So:
eth0 - connected to a Cisco router (behind even more networks)
eth1 - connected to a Cisco router2 and bridged to VMware Workstation.
wlan0 - connected to the Internet via ADSL
The Cisco routers are routing RIP between each other.
Everything works; the problem is that I want to configure a firewall in Ubuntu. The firewall should protect from wlan0 but with no security between
eth0 and eth1.
I'm not so good with iptables. I tried Firestarter and Guarddog but they are always blocking one of the Ethernet interfaces (they see it as an external network). Please help!!

Last edited by hvipen; 11-05-2010 at 08:27 AM.
 
#2  hvipen (Original Poster), 11-05-2010, 09:24 AM
I have a PDF now with the complete configuration!

Attached file: my_network.pdf (PDF, 79.8 KB)
 
#3  hvipen (Original Poster), 11-06-2010, 04:33 AM
Iptables

OK! I've done some reading on iptables and this is what I came up with:
------------------------------------------------------------------------
#!/bin/bash
# flush all chains, then delete user-defined chains so the script can be re-run
# (iptables -F alone leaves the "okay" chain behind and "-N okay" would then fail)
iptables -F
iptables -X
#Set the default policy for each of the pre-defined chains
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#User-defined chain for ACCEPTed packets: new SYN or part of a known connection, else drop
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP
#Rules for incoming packets from LAN (source address must match the interface it arrives on)
iptables -A INPUT -p ALL -i eth0 -s 192.168.22.0/24 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -s 192.168.23.0/24 -j ACCEPT
iptables -A INPUT -p ALL -i eth1 -s 192.168.55.0/24 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 192.168.22.0/24 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 192.168.23.0/24 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 192.168.55.0/24 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 192.168.0.70 -j ACCEPT
#Directed broadcasts on the LAN interfaces
iptables -A INPUT -p ALL -i eth0 -d 192.168.22.255 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -d 192.168.23.255 -j ACCEPT
iptables -A INPUT -p ALL -i eth1 -d 192.168.55.255 -j ACCEPT
#Packets for established connections (192.168.0.70 is this host's address)
iptables -A INPUT -p ALL -d 192.168.0.70 -m state --state ESTABLISHED,RELATED -j ACCEPT
#TCP rules
#iptables -A INPUT -p TCP -i wlan0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth1 -s 192.168.55.1 -d 192.168.0.70 --destination-port 1974 -j okay
#UDP rules
#iptables -A INPUT -p UDP -i wlan0 -s 0/0 --destination-port 53 -j ACCEPT
#ICMP rules
#iptables -A INPUT -p ICMP -i wlan0 -s 0/0 --icmp-type 8 -j ACCEPT
#iptables -A INPUT -p ICMP -i wlan0 -s 0/0 --icmp-type 11 -j ACCEPT
#Forward chain rules
#Accept the packets we want to forward
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT
#Note: this rule also forwards new connections arriving on wlan0 into the eth0/eth1 segments
iptables -A FORWARD -i wlan0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
----------------------------------------------------------------------
Communication between eth0 and eth1 works, and they both have access to the Internet. Problem: Ubuntu itself doesn't have access to the Internet. Please tell me what I am doing wrong!

Last edited by hvipen; 11-06-2010 at 04:36 AM.
 
#4  kaushalpatel1982 (Member, registered Aug 2007, INDIA), 11-06-2010, 10:32 AM
Where do you masquerade your packets going from the LANs to the WAN?

I haven't seen any firewall rule for that.
 
#5  hvipen (Original Poster), 11-06-2010, 03:25 PM
Masquerade!

Don't need that - eth0, eth1 and wlan0 are routed via RIP or static routes.
My ADSL router takes care of the NAT.
Found a problem, now it looks like it works:
iptables -P OUTPUT ACCEPT   # was DROP; changed to ACCEPT

What I'm trying to do is to have different segments all behind an ADSL router which is connected to the Internet. The firewall in that router is quite bad. So I am trying to protect the segments from my own wireless segment even though I don't really have to.

Still have to do some reading about opening ports between the segments.
I'm studying Cisco so I don't have that much time for iptables!

Last edited by hvipen; 11-06-2010 at 03:31 PM.
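The script in #3, the OUTPUT-policy change in #5 and the remaining question in #5 about opening ports between segments together describe one setup: trusted eth0/eth1 segments, an untrusted wlan0 side behind which the ADSL router does the NAT, and a host that must still reach the Internet itself. The following is an added example, written for this page and not code from the thread or any of its posters. It generates that ruleset in iptables-restore format so it can be inspected and checked before it is loaded. The interface names and the 192.168.22.0/24, 192.168.23.0/24 and 192.168.55.0/24 networks come from the posted script; the helper names (rule, open_port, build_ruleset, check_ruleset), the use of the conntrack match instead of the older state match, the ping allowance on wlan0, and the example target host 192.168.55.10 on port 22 are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset for
# an Ubuntu host with two trusted LAN interfaces and one untrusted wireless
# interface. Addresses below are taken from the posted script; helper names
# and the open_port sample are illustrative.

LAN1_IF=${LAN1_IF:-eth0}      # towards the Cisco router (RIP-learned networks behind it)
LAN2_IF=${LAN2_IF:-eth1}      # towards router2 and the VMware bridge
WAN_IF=${WAN_IF:-wlan0}       # wireless segment; the ADSL router there does the NAT
LAN1_NETS=${LAN1_NETS:-"192.168.22.0/24 192.168.23.0/24"}
LAN2_NETS=${LAN2_NETS:-"192.168.55.0/24"}

# rule: print one ruleset line (kept as a function so every line goes through one place)
rule() { printf '%s\n' "$*"; }

# open_port IN_IF DST_IP PROTO PORT
# One FORWARD rule that admits a specific new connection across a boundary
# that is otherwise closed, e.g. from the wireless side to a single LAN host.
open_port() {
    rule "-A FORWARD -i $1 -d $2 -p $3 --dport $4 -m conntrack --ctstate NEW -j ACCEPT"
}

# build_ruleset [EXTRA_RULE ...]
# Print a complete *filter table. Extra rules (e.g. from open_port) are
# inserted just before COMMIT, after the general rules.
build_ruleset() {
    rule '*filter'
    rule ':INPUT DROP [0:0]'
    rule ':FORWARD DROP [0:0]'
    rule ':OUTPUT ACCEPT [0:0]'     # the host itself may talk out (the fix found in #5)

    # Host-bound traffic: loopback, stateful returns, drop conntrack garbage.
    rule '-A INPUT -i lo -j ACCEPT'
    rule '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    rule '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Trusted segments reach the host freely, but only with a source address
    # that belongs on that interface (cheap anti-spoofing).
    for net in $LAN1_NETS; do rule "-A INPUT -i $LAN1_IF -s $net -j ACCEPT"; done
    for net in $LAN2_NETS; do rule "-A INPUT -i $LAN2_IF -s $net -j ACCEPT"; done
    # Wireless side: only ping is answered; everything else hits the DROP policy.
    rule "-A INPUT -i $WAN_IF -p icmp --icmp-type echo-request -j ACCEPT"

    # Routed traffic: stateful returns first, then free flow between the two
    # trusted sides, then trusted -> wireless (Internet via the ADSL router).
    # There is deliberately no "-i $WAN_IF -j ACCEPT": new connections from the
    # wireless side are not forwarded unless an explicit rule opens them.
    rule '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    rule '-A FORWARD -m conntrack --ctstate INVALID -j DROP'
    rule "-A FORWARD -i $LAN1_IF -o $LAN2_IF -j ACCEPT"
    rule "-A FORWARD -i $LAN2_IF -o $LAN1_IF -j ACCEPT"
    rule "-A FORWARD -i $LAN1_IF -o $WAN_IF -j ACCEPT"
    rule "-A FORWARD -i $LAN2_IF -o $WAN_IF -j ACCEPT"
    for extra in "$@"; do rule "$extra"; done
    rule 'COMMIT'
}

# check_ruleset: read a ruleset on stdin; fail if it does not end with COMMIT
# or if it forwards everything that arrives on the wireless interface.
check_ruleset() {
    rs=$(cat)
    printf '%s\n' "$rs" | tail -n 1 | grep -qx 'COMMIT' || return 1
    printf '%s\n' "$rs" | grep -q -- "-A FORWARD -i $WAN_IF -j ACCEPT" && return 1
    return 0
}

# Usage (needs root and net.ipv4.ip_forward=1, which the thread's setup already has):
#   build_ruleset "$(open_port wlan0 192.168.55.10 tcp 22)" > /tmp/fw.rules
#   check_ruleset < /tmp/fw.rules && sudo iptables-restore < /tmp/fw.rules
```

iptables-restore replaces the whole filter table in one step, so a typo in the middle of the file cannot leave the box half-configured the way a line-by-line script can. Unlike the posted script, nothing here forwards new connections that arrive on wlan0 unless an explicit open_port rule says so, which is what "protect from wlan0" in #1 asks for; traffic between eth0 and eth1 is unrestricted in both directions.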
 
  

