LinuxQuestions.org
05-14-2011, 11:31 AM   #1
Shadowtrooper
how to make the internet go through the firewall to private network!!!


Hi all, I am new to the IP tables stuff and I have a problem....
I have a pc Contain a fedora OS and I want to make a small network (4 PCs Contain XP OS), using the pc of fedora OS as a firewall.
I want to prevent the ping (I think it is called ICMP) in the private network and prevent one of the PCs from browsing the internet (prevent port 80 and 81, as I think),
and I still don't know how to make the internet go through the firewall to the private network...

Note: WAN = eth0
LAN = eth1
Can anyone help, please!!!!

Last edited by Shadowtrooper; 05-14-2011 at 12:23 PM. Reason: change the title
 
05-14-2011, 11:50 AM   #2
EricTRA
Hello and welcome to LinuxQuestions,

First of all, please change your thread title to something more descriptive if you want to draw attention to your question. The one you put has a reversed effect here at LQ. That being said, you should research for yourself and not ask us for ready made solutions or personalized howto guides. The man page for IPTABLES is a very good first starting point. Other documentation can be found here:
Linux firewalls using iptables
Linux Firewall tutorial
Iptables tutorial

If you have some rules that you've tested and believe that fail, then post them here and we'll have a look.

Kind regards,

Eric
 
05-14-2011, 12:19 PM   #3
Shadowtrooper
Original Poster

Quote:
Originally Posted by EricTRA View Post
Hello and welcome to LinuxQuestions,

First of all, please change your thread title to something more descriptive if you want to draw attention to your question. The one you put has a reversed effect here at LQ. That being said, you should research for yourself and not ask us for ready made solutions or personalized howto guides. The man page for IPTABLES is a very good first starting point. Other documentation can be found here:
Linux firewalls using iptables
Linux Firewall tutorial
Iptables tutorial

If you have some rules that you've tested and believe that fail, then post them here and we'll have a look.

Kind regards,

Eric

The main problem is that I don't know how to make the internet go through the firewall to the network. I made the whole IP tables rules, prevented the ping from the PCs, and prevented one of the PCs from browsing the internet (by DROPing port 80 and 81). I did research about how to make the internet go through and still don't know how?!?!
 
05-14-2011, 12:24 PM   #4
EricTRA
Hi,

What rules have you set for your iptables firewall?

Kind regards,

Eric
 
05-14-2011, 12:52 PM   #5
Shadowtrooper
Original Poster

[root@myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 80 -j reject
[root@myServer ~ ] # iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
[root@myServer ~ ] # service iptables save
[root@myServer ~ ] # service iptables restart
And I tried this one to make the internet go through, but it failed:
[root@myServer ~ ] # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
To be honest, I don't know if the above rules are correct!!
 
05-15-2011, 04:54 PM   #6
kostya
Well... while I agree that you need to do a lot of personal study, I must admit it was at first VERY confusing for me when I tried to read through all these "iptables tutorials" in order to achieve my rather generic goals. But you'll have to anyway.

But answering your direct question: for a gateway to function you need to enable IP-forwarding in order to get ANY packages travel from LAN to WAN and vice versa (with or without ip filtering): How to enable ip-forwarding on a Linux host? Google will help easily.

Then about your pinging question... Who must not ping who in your setup??? This is not clear from your question, sorry. If it is your LAN machines not to be able to ping one another, for example, then your gateway has nothing to do with it. Configure your Windows hosts accordingly. Otherwise define more clearly your goal.

Then about your PC that's not supposed to browse the web: does it need to have ANY Internet access at all? Or do you mean only to prevent it from web-browsing yet give it access to some other Internet services?
The simpler the better, don't forget.
Or you may ask yourself: "what sort of Internet access do I want to ALLOW for the host in question?"
You see: the simplest/safest approach to firewall rules in general is to DENY everything and define what you want to ALLOW. You'll find it in all tutorials. Logical, isn't it?


Then about your "WAN" interface: is it a direct cable connection to Internet with a fixed address? Or the same with DHCP?

...So you must have/give a more clear picture of what you want and what you don't in the terms of a network sysadmin, not of a generic user. These programs are NOT written to provide some "safe defaults" for the things you forgot to take into account, for they rather "think" that the safest default ever is to switch the computer off.

Just with your question it is not clear what you already know and what you don't, so let's start with the questions above.

Last edited by kostya; 05-15-2011 at 05:46 PM.
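
The gateway setup described in the post above (IP forwarding switched on, then deny everything and allow explicitly), as an added example that is not part of the thread, using the original poster's eth0 = WAN and eth1 = LAN. The LAN subnet, the blocked host address, port 443 (HTTPS) and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for a
# NAT gateway; nothing is applied until the output is piped to iptables-restore.

# IP forwarding is a kernel switch, separate from iptables. While it is 0 the
# box does not route at all, so FORWARD/POSTROUTING rules never match LAN traffic.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# gen_gateway_rules WAN_IF LAN_IF LAN_NET BLOCKED_HOST   (hypothetical helper)
gen_gateway_rules() {
    [ $# -eq 4 ] || { echo "usage: gen_gateway_rules WAN LAN NET HOST" >&2; return 2; }
    wan_if=$1; lan_if=$2; lan_net=$3; blocked=$4
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite the source of LAN traffic leaving via the WAN interface.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
# Deny by default; only the rules below allow anything in or through.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
# Routed traffic traverses FORWARD, never the gateway's own INPUT/OUTPUT.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The one PC that must not browse: refuse HTTP/HTTPS before the general allow.
-A FORWARD -i $lan_if -s $blocked -p tcp -m multiport --dports 80,443 -j REJECT --reject-with tcp-reset
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Usage as root (LAN subnet and blocked host are constructed sample values):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_gateway_rules eth0 eth1 192.168.1.0/24 192.168.1.14 | iptables-restore --test
#   gen_gateway_rules eth0 eth1 192.168.1.0/24 192.168.1.14 | iptables-restore
```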
 
05-15-2011, 06:21 PM   #7
jefro
Sending a proxy.pac file would do it.
 
05-17-2011, 12:43 AM   #8
KenJackson
How is your Fedora firewall box connected to the internet?
Is it in a home connected to an ISP, like Verizon FIOS or Comcast or your phone company's DSL?
Or is it connected to a commercial provider?

If it's in a home, you very likely have been provided with a router, which also does filtering.

If it's connected to a commercial provider, you'll need to find out what you're connected to. Is there just a router? Or a router with some firewall capability?

Also, you asked about going through the firewall to the private network. Are you talking about accessing your private network from outside? For example, logging into your home PC from work? I do that, but it's a different question.
 
05-17-2011, 06:42 AM   #9
archtoad6
jefro,

What is a "proxy.pac"? W/ no link, context, or explanation, your post is in technical violation of the LQ Rules:
Quote:
  • Do not post if you do not have anything constructive to say in the post.
Please make your post constructive by expanding it, or please delete it.

In the future, when you are about to make such a short, cryptic post, please consider the LQ & Linux experience level of the person you are speaking to. -- In this case OP has only 3 posts here.

Thank you for your co-operation.
 
05-17-2011, 07:08 AM   #10
archtoad6
Add LQ rule reference

Shadowtrooper,

Is this proposed Fedora based firewall external, i.e. connected directly to the 'Net; or internal, i.e. isolating a subnet from the rest of your LAN? If you know little or nothing about iptables, an external firewall is not the place to learn. It's dangerous to the point of being foolhardy. Furthermore, IMNRHO, the goals of the Fedora project are not compatible w/ those of a firewall. Use IPCop instead. If you must use a Red Hat type OS, then it should be CentOS.

What do "pc Contain a fedora OS" & "(4 PCs Contain XP OS)" mean? -- Is Contain a specific piece of s/w, or are you just unfamiliar w/ the rules of capitalization in English? Did you mean "containing", i.e. "running"?

Before you go any further, please answer the clarifying questions asked by EricTRA, kostya, KenJackson, & me. Until we know your LAN structure, we don't know what danger we are helping you put yourself & your LAN into. From the LQ Rules:
Quote:
  • We would like to stress that you should fully understand what a recommended change may do to your system. You should not give anyone you do not know login information to your system. LinuxQuestions.org cannot be held liable for anything you do as a result of information obtained at this site.
[emphasis & de-emphasis added]

Last edited by archtoad6; 05-17-2011 at 07:13 AM.
 
  


All times are GMT -5.