LinuxQuestions.org
Old 02-03-2004, 05:35 PM   #1
Maranza
Member
 
Registered: Dec 2003
Distribution: Kubuntu Edgy
Posts: 38

Rep: Reputation: 15
Need help with iptables


I wrote this little script to get the firewall to a "safe" configuration. I'm not accepting any incoming connections but I allow my PC to connect to anyone. This is like being behind a router with no forwarding: browsing should be OK, but filesharing and such might give some problems. Here's the script:
#!/bin/bash
iptables -A INPUT -s 127.0.0.1/255.255.255.255 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/255.255.255.0 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/255.255.255.0 -j ACCEPT
iptables -A INPUT -s 0.0.0.0/0.0.0.0 -j DROP

192.168.0.0/255.255.255.0 is a net between an eth DSL modem and my PC with eth0, and 192.168.1.0/255.255.255.0 is a net connecting my PC and another PC with eth1. The second PC can access the internet using squid on the first PC.

The problem is that I can't look up my hostname or browse the web using this configuration. Without the firewall everything runs fine. The DSL modem has a static IP 192.168.0.1 and it lends a dynamic IP to my PC (usually lends the IP obtained from the DSL provider).
What's wrong here? After I get the basic setup working, adding a few other entries for my filesharing programs shouldn't be hard...
 
Old 02-03-2004, 06:38 PM   #2
Maranza
Member
 
Registered: Dec 2003
Distribution: Kubuntu Edgy
Posts: 38

Original Poster
Rep: Reputation: 15
A little more info:

This is my routing table:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
82.48.147.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         82.48.147.117   0.0.0.0         UG    0      0        0 eth0


I really can't figure out what's wrong. I haven't blocked any outgoing connections!

And of course, everything runs fine if I add
iptables -A INPUT -d 82.48.147.116 -j ACCEPT (x.x.x.116 is my IP, x.x.x.117 is the gateway, mysterious modem settings)
before the last line, but then I could just flush iptables down the toilet because every packet is accepted.

Last edited by Maranza; 02-03-2004 at 06:57 PM.
 
Old 02-03-2004, 09:40 PM   #3
Vincent_Vega
Member
 
Registered: Nov 2003
Location: South Jersey
Distribution: Slackware, Raspbian, Manjaro
Posts: 826

Rep: Reputation: 31
What's your default OUTPUT policy? Also, you'll need to allow ESTABLISHED,RELATED connections coming in from the outside.

Maybe this one line will help you:

iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT

but of course things get a lot more complex as you make your iptables better and better.
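
An added example, not code from the thread: the first post's rules plus the ESTABLISHED,RELATED rule suggested above, written as one iptables-restore ruleset so that re-running it replaces the filter table instead of appending duplicate rules. The interface names and subnets come from the first post; binding each rule to an interface, the INPUT DROP policy in place of the trailing DROP rule, and the FORWARD DROP policy are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread.
# Replies to outgoing connections arrive with the remote server's source
# address, so they match none of the source-based ACCEPT rules and hit DROP.
# The state rule accepts only packets that belong to (or are related to)
# connections this host already opened.

WAN_IF=eth0                  # toward the DSL modem (from the first post)
LAN_IF=eth1                  # toward the second PC (from the first post)
MODEM_NET=192.168.0.0/24     # same as 192.168.0.0/255.255.255.0
LAN_NET=192.168.1.0/24       # same as 192.168.1.0/255.255.255.0

# Print a complete filter table in iptables-restore format.
build_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $WAN_IF -s $MODEM_NET -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Load the rules only when asked explicitly; otherwise print them for review.
if [ "${1:-}" = "apply" ]; then
    build_ruleset | iptables-restore
else
    build_ruleset
fi
```

Run it with the argument apply as root to load the table; iptables -L INPUT -n -v then shows per-rule packet counters, which makes it easy to confirm that return traffic is matching the state rule.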
 
  


All times are GMT -5. The time now is 08:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration