Why doesn't my firewall block all ports?
Hi guys, I've got the following script:
#!/bin/bash
echo ""
echo ""
# Force the external NIC to 10 Mbit/s half duplex
mii-tool -F 10baseT-HD eth0
echo "Setting IPTABLES,IFCONFIG and ROUTE"
EXT_NIC="eth0"
EXT_IP="192.168.0.82"
INT_NIC="eth1"
INT_IP="192.168.1.1"
echo "flushing IPTABLES"
# Flush all rules and delete user-defined chains in the filter, nat and
# mangle tables. -F and -X leave the built-in chain policies untouched
# (ACCEPT by default); nothing below sets a default policy with -P.
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -X -t nat
iptables -X -t mangle
iptables -X
echo "Setting routing $EXT_NIC -> $INT_NIC"
# NAT everything leaving through the external interface
iptables -t nat -A POSTROUTING -o $EXT_NIC -j MASQUERADE
echo "Adding Firewall State Rules"
# Log, then accept, new (and invalid) ICMP arriving on the external interface
iptables -A INPUT -p icmp -i $EXT_NIC -m state --state NEW,INVALID -j LOG
iptables -A INPUT -p icmp -i $EXT_NIC -m state --state NEW,INVALID -j ACCEPT
# Accept replies to connections this host (or its NAT clients) started
iptables -A INPUT -i $EXT_NIC -m state --state ESTABLISHED,RELATED -j ACCEPT
#Transparent proxy
echo "Enabling Transparent Proxy"
# Redirect HTTP from anyone except the proxy itself to the proxy on port 8080.
# The negation goes in front of the option ("! -s"); "-s !" is the old,
# deprecated form and is rejected by current iptables.
iptables -t nat -A PREROUTING -i $EXT_NIC ! -s 10.2.2.1 -p tcp --dport 80 -j DNAT --to 10.2.2.1:8080
# -s without a mask matches only the single address 192.168.0.0, not a subnet
iptables -t nat -A POSTROUTING -o $EXT_NIC -s 192.168.0.0 -d 10.2.2.1 -j SNAT --to $EXT_IP
iptables -A FORWARD -s 192.168.0.0 -d 10.2.2.1 -i $EXT_NIC -o $EXT_NIC -p tcp --dport 8080 -j ACCEPT
echo "Opening Few Ports for the external network"
#iptables -A INPUT -p tcp -i $EXT_NIC --dport 22 -j ACCEPT #SSH (TCP)
#iptables -A INPUT -p tcp -i $EXT_NIC --dport 80 -j DROP #HTTP (TCP)
echo "Drop ALL Other Connections on the external network"
# Only packets that arrived on $EXT_NIC can match this rule; packets arriving
# on $INT_NIC or on lo never reach it and fall through to the chain's default
# policy instead.
iptables -A INPUT -i $EXT_NIC -j DROP
echo "Dropping Few Ports for the internal network"
#iptables -A INPUT -p tcp -i $INT_NIC --dport 1863 -j DROP #MSN (TCP)
#iptables -A INPUT -p tcp -i $INT_NIC --dport 21 -j DROP #FTP (TCP)
echo "Enabling IPForwarding"
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "..."
echo "Internet sharing is enabled, happy surfing..."
The problem is that the script is supposed to block all connections to the external interface except for port 80 and SSH,
but when I do an nmap port scan on the interface I get several other ports, including ports for MySQL, sendmail, etc.
Why is that happening?
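The following shell snippet is an added example, not the poster's script and not a reply from the thread. It shows two things a defender would check before trusting a scan result: which arrival paths the INPUT chain actually covers (default policy versus per-interface catch-all DROP rules), and what a default-deny version of the INPUT chain looks like. The interface names eth0/eth1 are taken from the script above; SAMPLE_INPUT_CHAIN is a constructed approximation of what `iptables -S INPUT` prints for that script's rules, not captured output from the poster's machine. The generated ruleset covers INPUT only and says nothing about the NAT/FORWARD rules.

```shell
#!/bin/bash
# Added example (not the poster's script).
#  audit_input_policy : reads "iptables -S INPUT" output on stdin and reports the
#                       chain's default policy plus every interface that has a
#                       catch-all "-i <nic> -j DROP" rule.
#  build_ruleset      : prints a default-deny INPUT ruleset for the same NIC
#                       names; review it, then pipe to "sh" as root to apply.
EXT_NIC="${EXT_NIC:-eth0}"   # assumed from the script above
INT_NIC="${INT_NIC:-eth1}"   # assumed from the script above

audit_input_policy() {
  # Output: "policy=<ACCEPT|DROP|unknown> catchall_drop_ifaces=<nic,nic|none>"
  local policy="unknown" ifaces=""
  while read -r line; do
    case "$line" in
      "-P INPUT "*)
        policy="${line##* }" ;;
      "-A INPUT -i "*" -j DROP")
        local rest="${line#-A INPUT -i }"
        local nic="${rest%% *}"
        # Count it only if nothing else sits between -i <nic> and -j DROP,
        # i.e. the rule drops everything that arrived on that interface.
        [ "$rest" = "$nic -j DROP" ] && ifaces="${ifaces:+$ifaces,}$nic" ;;
    esac
  done
  echo "policy=$policy catchall_drop_ifaces=${ifaces:-none}"
}

# Constructed sample of "iptables -S INPUT" for the INPUT rules in the script
# above (iptables-save ordering: -i, -p, then match modules, then -j).
SAMPLE_INPUT_CHAIN='-P INPUT ACCEPT
-A INPUT -i eth0 -p icmp -m state --state NEW,INVALID -j LOG
-A INPUT -i eth0 -p icmp -m state --state NEW,INVALID -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j DROP'

# Runs the audit over the constructed sample. A policy of ACCEPT with eth0 as
# the only catch-all means packets arriving on eth1 or lo are accepted by
# default, so a scan from those paths sees every listening service.
audit_sample() {
  printf '%s\n' "$SAMPLE_INPUT_CHAIN" | audit_input_policy
}

# Default-deny INPUT chain: anything not explicitly allowed is dropped no
# matter which interface it arrived on, and the last rule logs what was dropped.
build_ruleset() {
  cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -i $EXT_NIC -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $EXT_NIC -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $EXT_NIC -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i $INT_NIC -m state --state NEW -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "INPUT-DROP: "
EOF
}
```

To audit a live host, run `iptables -S INPUT | audit_input_policy` as root; to apply the generated chain, `build_ruleset | sh`. After applying, repeat the scan from each side (external network, internal network, and the host itself) and compare: with a DROP policy the three results should differ only by the ports explicitly opened for that interface.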