Old 02-24-2004, 04:20 PM   #1
nakkaya
LQ Guru
 
Registered: Jan 2003
Location: Turkey&USA
Distribution: Emacs and linux is its device driver(Slackware,redhat)
Posts: 1,398

Rep: Reputation: 45
firewall and nat


The script below is running on my router, or should be running, because there is something I just could not figure out: it is not working. The system is running Slackware 9.1. eth0 is the cable connection, eth1 is my laptop connected to it. eth1 has a static IP and eth0 uses DHCP.

When running it I cannot reach outside my network. Can anyone point me to the problem?
Thanks

#!/bin/sh

#Change the part after the = to where your IPTABLES is on your system
IPTABLES=/usr/sbin/iptables

#bring up eth1
/sbin/ifconfig eth1 192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0
#enable ipmasq
$IPTABLES -F -t nat
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
echo 1 >/proc/sys/net/ipv4/ip_forward


#flush existing rules
$IPTABLES -F INPUT

#This allows all data that has been sent out for the computer running the firewall
# to come back
#(for all of ICMP/TCP/UDP).
#For example, if a ping request is made it will allow the reply back
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED -i eth0 -p udp

#Allow traffic from ethernet adapter eth1 to pass through if
#you have a network, or
#as using linux as a router for internet etc.
#Your first ethernet card is eth0 and the second would be eth1 etc.
$IPTABLES -A INPUT -i eth1 -j ACCEPT

#Allow incoming SSH requests
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

#Allow incoming HTTP requests (to Web server)
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT


#Allow Ping echo
#I have commented this line, so ping from an outside machine will not work.
#Uncomment the next line to make ping from outside work.
#$IPTABLES -A INPUT -p icmp -j ACCEPT


#Drop and log all other data
#The logging is set so if more than 5 packets are dropped in
#three seconds they will be ignored. This helps to prevent a DOS attack
#Crashing the computer the firewall is running on
$IPTABLES -A INPUT -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
$IPTABLES -A INPUT -i ! lo -j DROP

$IPTABLES -A FORWARD -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
$IPTABLES -A FORWARD -i ! lo -j DROP


#The logs from the firewall are put into your system log file, which can be found at
#/var/log/syslog
 
Old 02-24-2004, 09:00 PM   #2
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
Can you ping between the 2 computers? Could it be DNS, possibly? Try to ping an IP address from your laptop. google.com is 216.239.37.99. If you successfully ping that IP address, then the DNS settings on your laptop are not properly set.
 
Old 02-25-2004, 06:56 AM   #3
nakkaya
LQ Guru
 
Registered: Jan 2003
Location: Turkey&USA
Distribution: Emacs and linux is its device driver(Slackware,redhat)
Posts: 1,398

Original Poster
Rep: Reputation: 45
Yeah, I can ping between the computers. It is not DNS, because /etc/resolve.conf looks fine.
 
Old 02-25-2004, 08:58 AM   #4
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
Do your rules include any way to forward packets?

Try adding something like this:

$IPTABLES -P FORWARD DROP

$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state NEW -i ! eth0 -j ACCEPT
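
Added example (not written by either poster): a small first-match simulator that walks the FORWARD rules from post #1 and the rules suggested in post #4, to show why the laptop's traffic is dropped and that the suggested ACCEPT rules only help if they come before the catch-all DROP. The function name forward_verdict and the BEFORE_DROP/AFTER_DROP orderings are assumptions made for illustration; only -i, --state and -j are modelled.

```shell
#!/bin/sh
# FORWARD rules as passed to $IPTABLES in post #1 (policy stays at default ACCEPT).
ORIGINAL='-A FORWARD -m limit --limit 3/second --limit-burst 5 -i ! lo -j LOG
-A FORWARD -i ! lo -j DROP'
# Rules suggested in post #4.
SUGGESTED='-P FORWARD DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state NEW -i ! eth0 -j ACCEPT'
# Constructed: the two places the suggestion could be added to the script.
BEFORE_DROP="$SUGGESTED
$ORIGINAL"
AFTER_DROP="$ORIGINAL
$SUGGESTED"
# forward_verdict RULES IN_IF STATE: print the first terminating target
# (ACCEPT/DROP) a forwarded packet hits, else the chain policy. Assumption:
# only -i, --state and -j are modelled; LOG and -m limit never end traversal.
forward_verdict() {
    rules=$1; in_if=$2; state=$3; policy=ACCEPT; verdict=
    while IFS= read -r line; do
        set -f; set -- $line; set +f
        case ${1:-} in
            -P) [ "$2" = FORWARD ] && policy=$3; continue ;;
            -A) [ "$2" = FORWARD ] || continue; shift 2 ;;
            *)  continue ;;
        esac
        match=1; target=
        while [ $# -gt 0 ]; do
            case $1 in
                -i) if [ "$2" = '!' ]; then
                        [ "$3" != "$in_if" ] || match=0; shift 3
                    else
                        [ "$2" = "$in_if" ] || match=0; shift 2
                    fi ;;
                --state) case ",$2," in *",$state,"*) ;; *) match=0 ;; esac; shift 2 ;;
                -j) target=$2; shift 2 ;;
                *)  shift ;;
            esac
        done
        if [ "$match" = 1 ]; then
            case $target in ACCEPT|DROP) verdict=$target; break ;; esac
        fi
    done <<EOF
$rules
EOF
    echo "${verdict:-$policy}"
}
for r in "$ORIGINAL" "$BEFORE_DROP" "$AFTER_DROP"; do
    forward_verdict "$r" eth1 NEW   # laptop opening a new outbound connection
done
```

On the real router, `iptables -L FORWARD -n -v --line-numbers` shows the live rule order and per-rule packet counters, which confirms which rule the laptop's packets are actually hitting.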
 
  

