LinuxQuestions.org
Linux - Networking: firewall and nat (https://www.linuxquestions.org/questions/linux-networking-3/firewall-and-nat-150074/)

nakkaya 02-24-2004 04:20 PM

firewall and nat
 
The script below is running on my router, or should be running, because there is something I just could not figure out: it is not working. The system is running Slackware 9.1. eth0 is the cable connection, eth1 is my laptop connected to it. eth1 has a static IP and eth0 uses DHCP.

When running it I cannot reach outside my network. Can anyone point me to the problem?
Thanks

#!/bin/sh

#Change the part after the = to where iptables is on your system
IPTABLES=/usr/sbin/iptables

#bring up eth1
/sbin/ifconfig eth1 192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0
#enable IP masquerading
$IPTABLES -F -t nat
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
echo 1 >/proc/sys/net/ipv4/ip_forward


#flush existing rules
$IPTABLES -F INPUT

#This allows all data that has been sent out for the computer running the firewall
# to come back
#(for all of ICMP/TCP/UDP).
#For example, if a ping request is made it will allow the reply back
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p udp

#Allow traffic from ethernet adapter eth1 to pass through if
#you have a network, or
#as using linux as a router for internet etc.
#Your first ethernet card is eth0 and the second would be eth1 etc.
$IPTABLES -A INPUT -i eth1 -j ACCEPT

#Allow incoming SSH requests
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

#Allow incoming HTTP requests (to Web server)
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT


#Allow Ping echo
#I have commented this line, so ping from an outside machine will not work.
#Uncomment the next line to make ping from outside work.
#$IPTABLES -A INPUT -p icmp -j ACCEPT


#Drop and log all other data
#The logging is set so if more than 5 packets are dropped in
#three seconds they will be ignored. This helps to prevent a DOS attack
#Crashing the computer the firewall is running on
$IPTABLES -A INPUT -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
$IPTABLES -A INPUT -i ! lo -j DROP

$IPTABLES -A FORWARD -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
$IPTABLES -A FORWARD -i ! lo -j DROP


#The logs from the firewall are put into your system log file, which can be found at #/var/log/syslog

benjithegreat98 02-24-2004 09:00 PM

Can you ping between the 2 computers? Could it be DNS? Possibly? Try to ping an IP address from your laptop. google.com is 216.239.37.99. If you successfully ping that IP address then the DNS settings on your laptop are not properly set.

nakkaya 02-25-2004 06:56 AM

Yeah, I can ping between the computers. It is not DNS, because /etc/resolve.conf looks fine.....

benjithegreat98 02-25-2004 08:58 AM

Do your rules include any way to forward packets?

Try adding something like this:

$IPTABLES -P FORWARD DROP

$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state NEW -i ! eth0 -j ACCEPT
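For reference, here is a complete router script that combines the original poster's NAT setup with the FORWARD rules suggested above. This is an added example, not code from either poster; it assumes eth0 is the upstream interface and eth1 serves the LAN 192.168.0.0/24 (both overridable through WAN, LAN and LAN_NET), and it keeps new connections flowing only from the LAN outward, with a default-deny policy set last so an existing SSH session is not cut off while the rules are loaded. Passing `echo` instead of the iptables binary prints the rule set instead of applying it.

```shell
#!/bin/sh
# Added example (not the original poster's script): NAT router with a working
# FORWARD chain. Assumed layout: WAN = eth0 (DHCP), LAN = eth1 (192.168.0.1/24).
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LAN_NET=${LAN_NET:-192.168.0.0/24}

# Emits every iptables command through "$1", so the rule set can be inspected
# with "router_rules echo" before it is applied with "router_rules /usr/sbin/iptables".
router_rules() {
    ipt=$1

    # Start from a clean slate (policies stay ACCEPT until the end).
    $ipt -F INPUT
    $ipt -F FORWARD
    $ipt -t nat -F POSTROUTING

    # INPUT: traffic addressed to the router itself.
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A INPUT -i "$LAN" -s "$LAN_NET" -j ACCEPT
    $ipt -A INPUT -p tcp --dport 22 -j ACCEPT
    $ipt -A INPUT -m limit --limit 3/second --limit-burst 5 -j LOG --log-prefix "IN DROP: "

    # FORWARD: traffic passing through the router. This is the chain the
    # original script dropped entirely. Replies may come back to the LAN;
    # new connections are accepted only from the LAN towards the WAN.
    $ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    $ipt -A FORWARD -m limit --limit 3/second --limit-burst 5 -j LOG --log-prefix "FWD DROP: "

    # NAT: rewrite the LAN's source addresses on the way out of the WAN interface.
    $ipt -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN" -j MASQUERADE

    # Default deny, set last so nothing is cut off while rules are loading.
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
}

# Self-check helper: number of ACCEPT rules in the FORWARD chain (expected: 2).
count_forward_accepts() {
    router_rules echo | grep -c -- '-A FORWARD .*-j ACCEPT'
}

case ${1:-} in
    apply)
        router_rules /usr/sbin/iptables
        echo 1 > /proc/sys/net/ipv4/ip_forward ;;
    dry-run)
        router_rules echo ;;
esac
```

Run `sh router.sh dry-run` to review the generated commands, and `sh router.sh apply` as root to load them. The `-m state --state NEW -i eth1 -o eth0` rule is what lets the laptop open connections through the router, while the matching ESTABLISHED,RELATED rule lets the replies return; without the FORWARD chain accepting anything, the MASQUERADE rule on its own never sees a packet.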

