Hello,
I have a problem with the configuration of my firewall using Iptables. I have a desktop PC and a server/router/firewall PC. The desktop PC is running Slackware 10.1, the other one 10.0. I also have MLDonkey 2.5-27 running on the router, which I can control via the web interface inside the LAN (http://192.169.0.1:4080) from my desktop PC. Now I also want to have access to that interface from work. Therefore I added 2 rules to my Iptables firewall to allow SSH (port 22) and MLDonkey Web Interface (port 4080) connection attempts from the static IP address of my company. The SSH access works, the MLDonkey Web Interface doesn't. I really have no idea where the problem is. This is my firewall script that is called from rc.local during the boot process:
Code:
#!/bin/sh
# Reset everything
iptables -F
iptables -F -t mangle
iptables -F -t nat
iptables -X
iptables -X -t mangle
iptables -X -t nat
# Drop all input/forward packages and accept all output packages by default
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Enable IP-Forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# Allow loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Create new chain for internet
iptables -N internet
# Allow HTTPS connection attempts
iptables -A internet -p tcp --dport 443 -j ACCEPT
# Allow MLDonkey daemon connection attempts
iptables -A internet -p tcp -m multiport --dport 4662,16253 -j ACCEPT
iptables -A internet -p udp -m multiport --dport 4662,16253 -j ACCEPT
# Allow MLDonkey Web Interface connection attempts from LAN
iptables -A internet -i eth1 -p tcp --dport 4080 -j ACCEPT
# Allow SSH and MLDonkey Web Interface connection attempts from work
iptables -A internet -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT
iptables -A internet -s xxx.xxx.xxx.xxx -p tcp --dport 4080 -j ACCEPT
# Create new common chain for LAN and internet
iptables -N all
# Accept existing connections
iptables -A all -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow connection attempt when source is not ppp0
iptables -A all -m state --state NEW -i ! ppp0 -j ACCEPT
# Apply chain internet
iptables -A INPUT -i ppp0 -j internet
iptables -A FORWARD -i ppp0 -j internet
# Apply chain all
iptables -A INPUT -j all
iptables -A FORWARD -j all
# Enable Masquerade
iptables -A POSTROUTING -o ppp0 -t nat -j MASQUERADE
Maybe someone has an idea what the problem is. Thanks a lot.
Lars
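A quick way to tell whether a connection attempt is being dropped by the firewall or refused by the daemon behind it is to watch the packet counters on the rule in question. The shell function below is an added example, not part of Lars's post or of his script: it parses the output of `iptables -L internet -v -n` and reports the `pkts` counter of the first ACCEPT rule that matches a given source address and destination port, handling both `--dport` and `multiport --dport` rules. The listing it runs on is constructed here, with the documentation address 203.0.113.10 standing in for the masked work address; on the router the real listing would be piped in instead. If the counter on the port-4080 rule rises with each attempt from work, the packet passed the firewall and the next place to look is the daemon itself (MLDonkey's `allowed_ips` setting in downloads.ini restricts web-interface clients and by default admits only 127.0.0.1); if it stays at zero, the packet never matched that rule, for instance because the source address arriving on ppp0 is not the one in the rule.

```shell
#!/bin/sh
# rule_hits SRC DPORT  < listing
# Reads the text of "iptables -L <chain> -v -n" on stdin and prints the pkts
# counter of the first rule whose source column equals SRC and whose match
# clause covers DPORT ("dpt:DPORT" or "multiport dports a,b,c").  Prints
# "norule" when no such rule exists in the chain.
rule_hits() {
    awk -v src="$1" -v port="$2" '
        NR <= 2 { next }                     # skip "Chain ..." and column header
        { sub(/\/32$/, "", $8) }             # normalise a /32 host to a bare address
        $8 != src { next }                   # source column must match exactly
        {
            for (i = 10; i <= NF; i++) {     # columns 10+ hold the match clause
                if ($i == ("dpt:" port) ||
                    ($(i-1) == "dports" && index("," $i ",", "," port ","))) {
                    print $1; found = 1; exit
                }
            }
        }
        END { if (!found) print "norule" }'
}

# Constructed sample listing (not captured from the real router); the counters
# are invented to illustrate the two possible outcomes.
SAMPLE_LISTING='Chain internet (2 references)
 pkts bytes target     prot opt in     out     source               destination
   12   720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    5   300 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 4662,16253
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 4662,16253
    9   540 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:4080
    4   240 ACCEPT     tcp  --  *      *       203.0.113.10         0.0.0.0/0           tcp dpt:22
    3   180 ACCEPT     tcp  --  *      *       203.0.113.10         0.0.0.0/0           tcp dpt:4080'

# Demonstration on the constructed listing.  On the router the equivalent is:
#   iptables -L internet -v -n | rule_hits 203.0.113.10 4080
printf '%s\n' "$SAMPLE_LISTING" | rule_hits 203.0.113.10 4080   # prints 3 here
```

Run it once, make a connection attempt from work, and run it again: a counter that does not move means the firewall never saw a matching packet, while a counter that moves with no reply from the daemon points away from the firewall. The same check on the INPUT chain (`iptables -L INPUT -v -n`) confirms that traffic arriving on ppp0 is actually being handed to the `internet` chain.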