LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-07-2003, 04:27 PM   #1
Neomaster
Member
 
Registered: May 2003
Location: Digital world
Posts: 113

Rep: Reputation: 15
Question iptables script prob


#

#!/bin/bash

# Load required modules
insmod ip_tables
insmod ip_conntrack
insmod iptable_nat
insmod ipt_MASQUERADE

# Then flush all rules
iptables -F
iptables -t nat -F

# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out ppp0 (-o ppp0) which says to
# MASQUERADE the connection (-j MASQUERADE).

#iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Below means 'route 192.168.1.x'
iptables -t nat -A POSTROUTING -d ! 192.168.1.0/24 -j MASQUERADE

iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -s ! 192.168.1.0/24 -j DROP

# Disallow NEW and INVALID incoming or forwarded packets from ppp0.
#iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
#iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

# port 113 is evil
iptables -A INPUT --protocol udp --source-port 113 -j DROP
iptables -A INPUT --protocol udp --destination-port 113 -j DROP

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

#iptables -A INPUT --protocol udp --source-port 113 -j DROP

# Route incoming ppp0 at port 80, to 192.168.1.18:80
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 80 -j DNAT --to 192.168.1.18:80

# Route incoming ppp0 at port 21, to 192.168.1.18:21
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 21 -j DNAT --to 192.168.1.18:21



If i don't have any Load required modules i don't have to put that in my script?All i have is ipt_REJECT iptables_filter iptables that all i have.I take this is a good start out for a dial-up?


 
Old 06-07-2003, 05:54 PM   #2
je_fro
Member
 
Registered: Nov 2002
Location: /texas/austin/home/desk
Distribution: Gentoo
Posts: 341

Rep: Reputation: 30
What's your kernel .config?

My /usr/src/linux/.config contains: (under networking...)


# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_UNCLEAN=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_MIRROR=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_NAT_LOCAL=y
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_IPV6 is not set
# CONFIG_KHTTPD is not set
CONFIG_ATM=y
CONFIG_ATM_CLIP=y
# CONFIG_ATM_CLIP_NO_ICMP is not set
# CONFIG_ATM_LANE is not set
# CONFIG_ATM_BR2684 is not set
# CONFIG_VLAN_8021Q is not set



If you've got stuff built in, then no need to load modules.
 
Old 06-07-2003, 06:11 PM   #3
Neomaster
Member
 
Registered: May 2003
Location: Digital world
Posts: 113

Original Poster
Rep: Reputation: 15
I not sure what i have build into the kernel when i install red hat 8.0.IHow could i find out?
 
Old 06-07-2003, 06:19 PM   #4
je_fro
Member
 
Registered: Nov 2002
Location: /texas/austin/home/desk
Distribution: Gentoo
Posts: 341

Rep: Reputation: 30
I think RH has it as modules.

They'll get loaded automagically when needed.
Just write your script (for example, call it firescript) and do (as su):

sh firescript

then do:

iptables -L

to see the rules.

then do:

iptables-save > /etc/sysconfig/iptables

That will cause your rules to be loaded every time you boot.
 
Old 06-07-2003, 06:31 PM   #5
je_fro
Member
 
Registered: Nov 2002
Location: /texas/austin/home/desk
Distribution: Gentoo
Posts: 341

Rep: Reputation: 30
Yo!

I changed my font back to default on AIM. Maybe you can see now...
 
Old 06-07-2003, 08:01 PM   #6
lelski
LQ Newbie
 
Registered: Jun 2003
Distribution: Gibraltar(CD-Debian-based firewall); rh7.3; Slackware 8.1, 9.0; Solaris 8.0 Intel
Posts: 6

Rep: Reputation: 0
we all know that www.iptables.org helps
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptables (with masq) troubleshooting, very simple script attached script and logs. xinu Linux - Networking 13 11-01-2007 05:19 AM
prob with iptables sandy Linux - Networking 1 04-14-2003 04:08 PM
bash script prob: how can i tell the script that a 'dd' has finished? Frustin Linux - General 2 04-02-2003 06:34 AM
My iptables script is /etc/sysconfig/iptables. How do i make this baby execute on boo ForumKid Linux - General 3 01-22-2002 08:36 AM
iptables mobile users prob hirschma Linux - Security 1 09-13-2001 04:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration