Well I have setuped a small firewall for a local network. Here it is:
Code:
#!/bin/sh
FWVER=0.73
IPTABLES=/usr/sbin/iptables
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod
EXTIF="eth1"
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
echo "----------------------------------------------------------------------"
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#echo " Disabling ICMP Requests.."
#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -t nat -F
echo " Setting the default FORWARD policy to DROP"
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
echo " Setting the FORWARD policy to 'DROP' all incoming / unrelated traffic"
$IPTABLES -A INPUT -i $EXTIF -m state --state INVALID -j DROP
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.9 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.20 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.21 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.22 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.23 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.24 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.25 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.26 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.27 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.28 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.29 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.30 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.31 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.32 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.33 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.34 -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.53.35 -j ACCEPT
#$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s 192.168.0.9/32 -j ACCEPT
$IPTABLES -A FORWARD -j LOG
################
echo " PREROUTING CHAIN... Redirect HTTP for a transparent proxy "
#
#$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --destination-port 80 \
# -j REDIRECT --to-ports 3128
###############
echo " Enabling SNAT (IPMASQ) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.9 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.20 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.21 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.22 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.23 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.24 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.25 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.26 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.27 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.28 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.29 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.30 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.31 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.32 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.33 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.34 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.53.35 -j MASQUERADE
But when some asignes with ip for example .... 200 is gettin it through and has access to the internet. I have also transperant proxy ... where's the problem ?