LinuxQuestions.org
Old 05-02-2005, 03:13 PM   #1
darreng23
LQ Newbie
 
Registered: Feb 2004
Location: Wales
Distribution: Slackware 10/10.1
Posts: 25

Rep: Reputation: 15
Building Firewall/Router in Slackware


Hi, I am attempting to build a Linux firewall/router. I have managed to install Slackware and get everyone's machines talking to each other, no problems there. I have got NAT working by using the following command in iptables.
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I want to have a deny all policy and then specify what I want to enter the network. This is where I get confused. Do I perform the filtering within the INPUT chain of the filter table? Just a pointer in the right direction would be nice.
Thanks
 
Old 05-03-2005, 05:51 AM   #2
pave
Member
 
Registered: Oct 2004
Posts: 42

Rep: Reputation: 16
Chain INPUT controls packets coming to the router only
Chain OUTPUT controls packets coming out from the router only
Chain FORWARD controls packets moving between networks that your router connects.

FORWARD controls incoming packets to a device (like eth0).

If eth0 is your local LAN then
iptables -A FORWARD -p tcp -o eth0 -j ACCEPT
will accept tcp packets incoming to subnet

if eth1 is public WAN
iptables -A FORWARD -p tcp -o eth1 -j ACCEPT
will accept tcp packets incoming to internet (or less formally outgoing from subnet)

Standard policies if you want to drop all traffic at start are:

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

but be careful not to block yourself if you manage router remotely.

Then if you want to make a hole:
iptables -A FORWARD -p tcp -o eth1 --dport 80 -j ACCEPT
will allow users from LAN to connect to websites (port 80)

I'm sure you'll figure it out, there's plenty of tutorials.

PS. Packet forward needs to be turned on. This should do the job:
echo 1 > /proc/sys/net/ipv4/ip_forward
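
An added example, not part of either post above: a shell function that emits the thread's default-deny policies, the MASQUERADE rule and per-port FORWARD holes in iptables-restore format, taking the WAN and LAN interface names as parameters because the two posts use eth0 differently. The function name `build_ruleset`, the ESTABLISHED,RELATED rules, the loopback rules and the LAN-side SSH rule on port 22 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): generate a default-deny router ruleset.
# Usage (as root):  build_ruleset WAN_IF LAN_IF PORT... | iptables-restore --test
# Drop --test to load it. Enable forwarding separately:
#   echo 1 > /proc/sys/net/ipv4/ip_forward

build_ruleset() {
    wan=$1; lan=$2; shift 2   # remaining arguments: TCP ports LAN hosts may reach
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Without the FORWARD ESTABLISHED,RELATED rule above, replies from the
    # Internet would hit the DROP policy even though the request was allowed.
    for port in "$@"; do
        printf '%s\n' "-A FORWARD -i $lan -o $wan -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Assumption: the router is managed over SSH (port 22) from the LAN side
    # only, so a DROP policy on INPUT does not lock the administrator out.
    printf '%s\n' "-A INPUT -i $lan -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    printf '%s\n' "COMMIT"
}

# Run directly with arguments, e.g.:  sh ruleset.sh eth0 eth1 80
if [ "$#" -ge 2 ]; then
    build_ruleset "$@"
fi
```

OUTPUT stays at DROP as in the post above, so the router itself cannot open new connections (DNS lookups, updates) until a matching OUTPUT rule is added.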
 
  

