Hello all,
Before going into my problem, I think it'd be good if I laid out my home network. Our Internet feed is a cable modem on which the house shares a single IP address. The computers in the house connect either via 802.11b or via Ethernet to a Linksys 802.11b router. I am trying to move the one computer that is connecting via Ethernet out into the living room, away from the cable modem and router. My plan was to set up my server as an internal router (the server connects via wireless), and have this computer connect through it via Ethernet. I did this almost successfully using JordanH's script. (Thread id 121379; I could not use a link because this is my first LQ post -- sorry...)
I am now unable to connect to my server remotely via ssh and samba, even though the server itself does have an Internet connection. (I'm posting this from the server currently).
The connections for ssh and samba are being forwarded from the Linksys router to my server's IP, but my server is not accepting them. I'll post the only modification of the script I made, which was the default configuration.
Code:
echo "Bringing up the firewall and routing tables."
################################################################################
# Default options
# These options configure the below script. It would be a good idea to move
# them to a conf file in /etc and then source it from this script.
################################################################################
echo 1 > /proc/sys/net/ipv4/ip_forward
# location of iptables command
ipt=/sbin/iptables
#
# Interfaces
# Be sure to be accurate when defining these interfaces.
# ext is your external card, likely ppp0 for DSL or eth1 for cable
lo=lo
ext=wlan0
int=eth0
#
# Spoofing protection. List all networks and IP addresses that should NOT exist
# in the real world.
#
spoofed="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
192.168.0.0/16 255.255.255.255"
#
# List all ports to open ON your firewall
#
tcp_ports="22 139"
udp_ports=""
#
# These logging options will be used for all logged packets
#
logops="--log-level 3 -m limit --limit 1/second --limit-burst=3"
################################################################################
and here's the snippet that opens the ports on the server...
Code:
################################################################################
# EXT_FIREWALL
# Packets entering firewall machine
# 1. Allow established and related connections
# 2. Allow new connections on specified ports
# 3. Log and Drop everything else
################################################################################
$ipt -N EXT_FIREWALL
$ipt -A EXT_FIREWALL -m state --state INVALID -j DROP
$ipt -A EXT_FIREWALL -j SPOOF
$ipt -A EXT_FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
$ipt -A EXT_FIREWALL -p icmp -j ACCEPT
# Open ports
#
for tcp_p in $tcp_ports
do
$ipt -A EXT_FIREWALL -p tcp --dport $tcp_p -m state --state NEW -j ACCEPT
done
for udp_p in $udp_ports
do
$ipt -A EXT_FIREWALL -p udp --dport $udp_p -m state --state NEW -j ACCEPT
done
$ipt -A EXT_FIREWALL -j LOG --log-prefix "IPT: EXT_FIREWALL: " $logops
$ipt -A EXT_FIREWALL -j DROP
################################################################################
I know this script works because many people here at LQ have used it and loved it. I'm assuming that the problem is somewhere else in my configuration. If I can post anything else useful, please let me know.
I'm currently running the latest version of Gentoo Linux on a vanilla 2.4.24 kernel.
I'm also using the ndiswrapper for my wireless card.
This IS my first ever Linux server, and I do have to say that I LOVE it (MUCH faster than Windows solutions, not to mention, FREE!), but I'm still greatly uneducated on the subject having migrated to Linux from XP only two weeks ago.
Any help on this is GREATLY appreciated -- thanks in advance, also, JordanH, should you read this -- thanks for the script!
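An added diagnostic, not part of the post above and not part of JordanH's script: the EXT_FIREWALL chain logs every packet it is about to drop with the prefix "IPT: EXT_FIREWALL: " (rate-limited by the logops line), so the kernel log (dmesg, or /var/log/messages) already records which connections never reach the ACCEPT rules. The script below summarizes those log lines by source address, protocol and destination port, and marks any source that falls inside the script's default spoofed list. That matters here because the posted configuration treats wlan0 as the external interface, yet wlan0 sits on the Linksys's private LAN rather than on a public address, and the default list includes 192.168.0.0/16 and 10.0.0.0/8; if the SPOOF chain (not shown in the post) drops by source address, as spoof-protection chains normally do, every LAN neighbour on wlan0 is dropped before any port is opened. The summary also makes visible a second gap: an XP client tries SMB on TCP 445 before falling back to 139, and uses UDP 137/138 for NetBIOS name service, none of which tcp_ports="22 139" and udp_ports="" open. The log lines, the 192.168.1.x addressing, the "IPT: SPOOF: " prefix and the 203.0.113.7 Internet client are all constructed sample data, not values from the post.

```shell
#!/bin/sh
# Added example (not JordanH's script, not the poster's configuration):
# summarize the "IPT: EXT_FIREWALL: " LOG lines the ruleset writes before
# its final DROP, and flag sources that the script's spoofed list covers.

LOG_PREFIX="IPT: EXT_FIREWALL: "   # --log-prefix used by the EXT_FIREWALL chain
ext=wlan0                          # external interface name from the posted config

# Spoofed list exactly as the posted default configuration defines it.
spoofed="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12
192.168.0.0/16 255.255.255.255"

# Constructed sample kernel-log lines in the netfilter LOG target's format.
# 192.168.1.20 stands for a wireless LAN host, 192.168.1.50 for the server's
# wlan0 address and 203.0.113.7 for an Internet client whose connection the
# Linksys forwarded; all three addresses are assumptions for this example.
SAMPLE_LOG='Mar  1 10:00:01 server kernel: IPT: EXT_FIREWALL: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=128 ID=1 DF PROTO=TCP SPT=1061 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  1 10:00:01 server kernel: IPT: EXT_FIREWALL: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=2 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar  1 10:00:09 server kernel: IPT: EXT_FIREWALL: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=3 DF PROTO=TCP SPT=51234 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  1 10:00:12 server kernel: IPT: EXT_FIREWALL: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4 DF PROTO=TCP SPT=51234 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  1 10:00:15 server kernel: IPT: SPOOF: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.9 DST=192.168.1.50 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=TCP SPT=2222 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'

# Dotted quad -> unsigned 32-bit integer, via awk so plain sh needs no $(( )) tricks.
ip_to_int() {
    echo "$1" | awk -F. '{ printf "%.0f\n", $1*16777216 + $2*65536 + $3*256 + $4 }'
}

# in_cidr IP NET/PREFIX  -> exit 0 if IP lies inside the network block.
# A bare address (no /prefix) is treated as a /32 host entry.
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    case $2 in */*) plen=${2#*/} ;; *) plen=32 ;; esac
    awk -v ip="$ip" -v net="$net" -v plen="$plen" 'BEGIN {
        blk = 2 ^ (32 - plen)              # addresses per block of this prefix length
        if (int(ip / blk) == int(net / blk)) exit 0
        exit 1
    }'
}

# in_spoofed_list IP -> exit 0 if any entry of $spoofed covers IP.
in_spoofed_list() {
    for n in $spoofed; do
        in_cidr "$1" "$n" && return 0
    done
    return 1
}

# Reads kernel-log text on stdin, keeps only this chain's LOG lines and
# prints "count SRC PROTO DPT" per distinct dropped flow, most frequent first.
summarize_drops() {
    grep -F "$LOG_PREFIX" | awk '{
        src = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        n[src " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Run over the constructed sample; on the real box feed it `dmesg` or
# /var/log/messages instead of $SAMPLE_LOG.
printf '%s\n' "$SAMPLE_LOG" | summarize_drops | while read -r count src proto dport; do
    if in_spoofed_list "$src"; then
        note="[source is covered by the spoofed list: a LAN neighbour on $ext would be dropped as spoofed]"
    else
        note=""
    fi
    echo "$count dropped packet(s) from $src to $proto/$dport $note"
done
```

The awk in the summary only looks at the SRC=, PROTO= and DPT= fields, so it works unchanged on lines from any chain as long as you change LOG_PREFIX; the "IPT: SPOOF: " line in the sample is deliberately left out of the summary to show that filtering. Every logged 445 and 137 in the output is a port the configured tcp_ports and udp_ports never open, and every 192.168.1.x source is one the default spoofed list covers.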