Problem configuring firewall
Hope someone will reply, as this thread is so old now. I tried the above-mentioned methods using Fedora 16, but they didn't work. Will someone help me to figure out the problem? I will give information in detail if I get a reply. Thank you.
GanIT: give me details what you want to achieve and I would give solution.
Actually I was trying to make a firewall for my ADSL. Although my main target is to make a firewall for two ADSL connections, first I'm trying to build it for one connection. I used two Ethernet cards: eth1 for the router side and p17p1 for the LAN side. Once I successfully configured both NICs and applied iptables rules in the iptable.conf file, I tried to restart the iptables service, and I'm getting this error message:

"Redirecting to /bin/systemctl restart iptables.service Job failed. See system logs and ‘systemctl status’ for details."

When I check /var/logs, the following logs are created:

Localhost iptables.init[2321] : iptables: Applying firewall rules: [FAILED]
Localhost systemd[1]: iptables.service: main process exited, code=exited, status=1
Localhost systemd[1]: Unit iptables.service entered failed state.

From the Linux box I can ping a PC which is on the LAN and can ping the router as well. And I can ping both eth1 and p17p1 (can ping eth1 only if I set the default gateway address of the client PC as 192.168.1.1 [eth1 IP]) from a PC in the LAN, but can't ping the router. And there is no internet connection to clients on the LAN as well. (I have set up DNS in resolv.conf.) Is it a problem with the rules I entered in iptables or an error in iptables? Please help, as I've been struggling to fix this problem for three months. Following are the rules I entered in iptables under nat:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING –out-interface eth1 –j MASQUERADE
-A FORWARD –in-interface p17p1 –j ACCEPT
COMMIT
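A way to check a rules file like the one posted above before restarting the service, as an added example that is not part of the original thread. The names `lint_rules` and `BUILTIN` are hypothetical; the chain lists are the netfilter built-in chains per table, and the sample is the posted rule set with its typographic dashes kept as they appear in the post (they may be a copy/paste artifact).

```python
# Added example: lint an iptables-restore rules file before restarting the service.
# Built-in chains per netfilter table; other chains must be declared with ":NAME".
BUILTIN = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "raw": {"PREROUTING", "OUTPUT"},
    "security": {"INPUT", "FORWARD", "OUTPUT"},
}

def lint_rules(text):
    """Return (line_number, message) findings for a rules file."""
    findings, table, declared = [], None, set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not line.isascii():
            findings.append((n, "non-ASCII character; options need plain '-' or '--'"))
        if line.startswith("*"):
            table, declared = line[1:], set()
            if table not in BUILTIN:
                findings.append((n, f"unknown table '{table}'"))
        elif line == "COMMIT":
            table = None
        elif table is None:
            findings.append((n, "line outside a *table ... COMMIT section"))
        elif line.startswith(":"):
            declared.add(line[1:].split()[0])
        elif line.startswith(("-A ", "-I ")):
            chain = line.split()[1]
            if chain not in declared | BUILTIN.get(table, set()):
                homes = sorted(t for t, c in BUILTIN.items() if chain in c)
                where = f"; built into: {', '.join(homes)}" if homes else ""
                findings.append((n, f"chain {chain} does not exist in table {table}{where}"))
    return findings

# The rules exactly as posted above (typographic dashes included).
POSTED = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING –out-interface eth1 –j MASQUERADE
-A FORWARD –in-interface p17p1 –j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for n, msg in lint_rules(POSTED):
        print(f"line {n}: {msg}")
```

On the posted rules it reports the dash characters on lines 5 and 6 and the `-A FORWARD` rule inside `*nat`, a table that has no FORWARD chain.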
Anybody like to help on my issue? Or do I have to open up a new thread for this?
Give us those failing scripts.
I can give a working configuration, as I have firewall/NAT on my server. You need DHCP; it would be good to have DNS and a proxy on the server as well, as DNS and a proxy would speed up your connection a bit. I have a dynamic solution. A static solution is hard to manage.
Code:
#!/bin/sh
Code:
# A basic config file for the /etc/init.d/iptable-persistent script
With IPtables - I have quite extensive rules, which are prepared for a lot more complex setup than yours (bridge, some services on server), so to use my rules I have to filter out parts which you do not need.
Since the original thread was 7 years old, and yours doesn't deal with content filtering, I moved your posts to its own thread.