iptables script not working
Dear All,
I was asked to set up a firewall that has two zones. My LAN is 192.168.1.0/24 (firewall eth1 - 192.168.1.200) and the router's connected IP is 10.64.78.1/24 (firewall eth0 - 10.64.78.2). I have written a script with a drop policy. Internal (192.168.1.0/24) PCs need to access the external SMTP/POP server IP a.b.c.d, and a few PCs also need to connect to it via SSH (putty). I have tried to do this using the following script and it is not working. (I only have experience writing a few rules for SMTP/POP servers using the INPUT and OUTPUT chains, not the FORWARD chain.)
Code:
# Drop all
Pls someone help me to correct this..
Lasantha
Replace those FORWARD rules with these:
Code:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
Code:
cat /proc/sys/net/ipv4/ip_forward
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
Thanks very much. I got the whole theory from the code you have sent.
It's really helpful. I was stuck there trying to apply NAT for that. Now you have cleared the way. Thanks.....
Dear win32sux,
I have done that and I am wondering why I can't integrate the INPUT and OUTPUT rules that I have created for the firewall box, listed below. If I run the following rules I can't log in to the firewall box via SSH because my link disconnects. If you have time pls check and just guide me with corrections (highly appreciated if you can correct it). Anyway, thanks for the contribution you have made to this thread.
Code:
# Drop all
Lasantha
It wouldn't work with IPTABLES written in capital letters like that.
Dear win32sux,
Actually this is a typing mistake and I am very sorry for that. Normally I do this with lowercase letters only, as in the upper lines of the script. Script -> http://pastebin.com/m248994af I would highly appreciate it if you can correct it. Thanks
Lasantha
It's so much better if you just paste here using CODE tags instead of on that website. In any case, troubleshooting this should be really easy. Change your OUTPUT policy to ACCEPT and try again. If it then works, you know the problem is with your OUTPUT rule. If it still doesn't work, are you positive that 192.168.1.200 is the IP of this box? Your last troubleshooting step will be to enable logging of filtered packets to see what exactly is going on here.
Code:
iptables -A INPUT -j LOG --log-prefix "INPUT DROP: "
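Putting both replies together, here is an added example (not the script from the thread) of a rule generator for the two-zone firewall described in the first post: the stateful FORWARD and NAT rules from the first reply, plus INPUT/OUTPUT handling and the LOG rule from the second, with a RELATED,ESTABLISHED rule in OUTPUT so an SSH session to the box is not cut off. The interfaces and addresses are the ones given in the first post; a.b.c.d is the thread's own placeholder for the mail server, and SSH_CLIENTS is a constructed stand-in for the "few pcs".

```shell
#!/bin/sh
# Added example, not the script from the thread. Interfaces and addresses
# are the ones given in the first post; MAIL_SERVER keeps the thread's
# a.b.c.d placeholder and SSH_CLIENTS is a constructed list of LAN hosts.
WAN_IF=eth0; WAN_IP=10.64.78.2
LAN_IF=eth1; LAN_IP=192.168.1.200; LAN_NET=192.168.1.0/24
MAIL_SERVER=a.b.c.d
SSH_CLIENTS="192.168.1.10 192.168.1.11"

# Emit the rules as text so they can be reviewed first; run them with
# "sh fw.sh apply" as root once they look right.
build_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Replies to accepted connections, in every chain. Without the OUTPUT one,
# the box cannot answer an SSH login, which is the disconnect seen above.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Manage the firewall box itself over SSH from the LAN only.
iptables -A INPUT -i $LAN_IF -s $LAN_NET -d $LAN_IP -p tcp --dport 22 -m state --state NEW -j ACCEPT
# The whole LAN may open SMTP/POP3 to the external mail server.
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $MAIL_SERVER -p tcp -m multiport --dports 25,110 -m state --state NEW -j ACCEPT
EOF
    # Only the listed hosts may open SSH to the mail server.
    for c in $SSH_CLIENTS; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $c -d $MAIL_SERVER -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
# Log what the DROP policies are about to discard (the debugging step above).
iptables -A INPUT -j LOG --log-prefix "INPUT DROP: "
iptables -A FORWARD -j LOG --log-prefix "FORWARD DROP: "
# Hide LAN addresses behind the firewall's external address.
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP
EOF
}

if [ "${1:-}" = "apply" ]; then build_rules | sh; else build_rules; fi
```

Run it without arguments to read the generated rules; the LOG rules sit last in their chains so that only traffic no earlier rule accepted is logged before the policy drops it.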