LinuxQuestions.org


Shadowtrooper 05-14-2011 10:31 AM

how to make the internet go through the firewall to private network!!!
 
Hi all, I am new to iptables and I have a problem....
I have a PC running Fedora and I want to make a small network (4 PCs running XP), using the Fedora PC as a firewall.
I want to prevent ping (I think it is called ICMP) in the private network and prevent one of the PCs from browsing the internet (block ports 80 and 81, I think),
and I still don't know how to make the internet go through the firewall to the private network...

Note: WAN = eth0
LAN = eth1
Can anyone help, please!!!!

EricTRA 05-14-2011 10:50 AM

Hello and welcome to LinuxQuestions,

First of all, please change your thread title to something more descriptive if you want to draw attention to your question. The one you put has a reversed effect here at LQ. That being said, you should research for yourself and not ask us for ready made solutions or personalized howto guides. The man page for IPTABLES is a very good first starting point. Other documentation can be found here:
Linux firewalls using iptables
Linux Firewall tutorial
Iptables tutorial

If you have some rules that you've tested and believe that fail, then post them here and we'll have a look.

Kind regards,

Eric

Shadowtrooper 05-14-2011 11:19 AM

Quote:

Originally Posted by EricTRA (Post 4356276)
Hello and welcome to LinuxQuestions,

First of all, please change your thread title to something more descriptive if you want to draw attention to your question. The one you put has a reversed effect here at LQ. That being said, you should research for yourself and not ask us for ready made solutions or personalized howto guides. The man page for IPTABLES is a very good first starting point. Other documentation can be found here:
Linux firewalls using iptables
Linux Firewall tutorial
Iptables tutorial

If you have some rules that you've tested and believe that fail, then post them here and we'll have a look.

Kind regards,

Eric

The main problem is that I don't know how to make the internet go through the firewall to the network. I made the whole iptables rules, prevented ping from the PCs, and prevented one of the PCs from browsing the internet (by DROPing ports 80 and 81). I researched how to make the internet go through and still don't know how?!?!

EricTRA 05-14-2011 11:24 AM

Hi,

What rules have you set for your iptables firewall?

Kind regards,

Eric

Shadowtrooper 05-14-2011 11:52 AM

[root@myServer ~ ] # iptables -A INPUT -p tcp -m tcp --dport 80 -j reject
[root@myServer ~ ] # iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
[root@myServer ~ ] # service iptables save
[root@myServer ~ ] # service iptables restart
And I tried this one to make the internet go through, but it failed:
[root@myServer ~ ] # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
To be honest, I don't know if the above rules are correct!!

kostya 05-15-2011 03:54 PM

Well... while I agree that you need to do a lot of personal study, I must admit it was at first VERY confusing for me when I tried to read through all these "iptables tutorials" in order to achieve my rather generic goals. But you'll have to anyway.

But answering your direct question: for a gateway to function you need to enable IP-forwarding in order to get ANY packages to travel from LAN to WAN and vice versa (with or without IP filtering). How to enable IP-forwarding on a Linux host? Google will help easily.

Then about your pinging question... Who must not ping whom in your setup??? This is not clear from your question, sorry. If it is your LAN machines that should not be able to ping one another, for example, then your gateway has nothing to do with it. Configure your Windows hosts accordingly. Otherwise define your goal more clearly.

Then about your PC that's not supposed to browse the web: does it need to have ANY Internet access at all? Or do you mean only to prevent it from web-browsing yet give it access to some other Internet services?
The simpler the better, don't forget.
Or you may ask yourself: "what sort of Internet access do I want to ALLOW for the host in question?"
You see: the simplest/safest approach to firewall rules in general is to DENY everything and define what you want to ALLOW. You'll find it in all tutorials. Logical, isn't it?


Then about your "WAN" interface: is it a direct cable connection to Internet with a fixed address? Or the same with DHCP?

...So you must have/give a clearer picture of what you want and what you don't in the terms of a network sysadmin, not of a generic user. These programs are NOT written to provide some "safe defaults" for the things you forgot to take into account, for they rather "think" that the safest default ever is to switch the computer off.

Just with your question it is not clear what you already know and what you don't, so let's start with the questions above.
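
Added example, not part of kostya's post or any other post in this thread: a sketch of the gateway setup the reply points toward, with IP forwarding checked and filtering done in FORWARD under a deny-by-default policy instead of in INPUT/OUTPUT, which only see the gateway's own traffic. WAN=eth0 and LAN=eth1 are from the thread; the subnet 192.168.1.0/24, the blocked host 192.168.1.13, port 443 (HTTPS) and both function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. WAN=eth0 / LAN=eth1 come from the thread; the subnet
# 192.168.1.0/24 and the blocked host 192.168.1.13 are constructed values.

# True when the kernel routes between interfaces (kostya's first point).
# Enable as root with: sysctl -w net.ipv4.ip_forward=1
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Print an iptables-restore ruleset: deny by default, then allow.
gateway_rules() {
    wan=$1; lan=$2; lan_net=$3; blocked_host=$4
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Hide LAN addresses behind the WAN address on the way out.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# INPUT covers packets addressed to the gateway itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -s $lan_net -j ACCEPT
# FORWARD covers packets routed between LAN and WAN.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# One reading of "prevent ping": LAN hosts cannot ping out.
-A FORWARD -i $lan -p icmp --icmp-type echo-request -j DROP
# One host loses web access (HTTP and HTTPS); order matters.
-A FORWARD -i $lan -s $blocked_host -p tcp -m multiport --dports 80,443 -j REJECT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the thread's interfaces; apply it as root with
#   gateway_rules eth0 eth1 192.168.1.0/24 192.168.1.13 | iptables-restore
gateway_rules eth0 eth1 192.168.1.0/24 192.168.1.13
forwarding_enabled || echo "note: net.ipv4.ip_forward is not 1" >&2
```

Loading the output with iptables-restore replaces the existing nat and filter rules, so review it against the current ruleset before applying it on a machine reached over the network.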

jefro 05-15-2011 05:21 PM

Sending a proxy.pac file would do it.

KenJackson 05-16-2011 11:43 PM

How is your Fedora firewall box connected to the internet?
Is it in a home connected to an ISP, like Verizon FIOS or Comcast or your phone company's DSL?
Or is it connected to a commercial provider?

If it's in a home, you very likely have been provided with a router, which also does filtering.

If it's connected to a commercial provider, you'll need to find out what you're connected to. Is there just a router? Or a router with some firewall capability?

Also, you asked about going through the firewall to the private network. Are you talking about accessing your private network from outside? For example, logging into your home PC from work? I do that, but it's a different question.

archtoad6 05-17-2011 05:42 AM

jefro,

What is a "proxy.pac"? W/ no link, context, or explanation, your post is in technical violation of the LQ Rules:
Quote:

  • Do not post if you do not have anything constructive to say in the post.

Please make your post constructive by expanding it, or please delete it.

In the future, when you are about to make such a short, cryptic post, please consider the LQ & Linux experience level of the person you are speaking to. -- In this case OP has only 3 posts here.

Thank you for your co-operation.

archtoad6 05-17-2011 06:08 AM

Add LQ rule reference
 
Shadowtrooper,

Is this proposed Fedora based firewall external, i.e. connected directly to the 'Net; or internal, i.e. isolating a subnet from the rest of your LAN? If you know little or nothing about iptables, an external firewall is not the place to learn. It's dangerous to the point of being foolhardy. Furthermore, IMNRHO, the goals of the Fedora project are not compatible w/ those of a firewall. Use IPCop instead. If you must use a Red Hat type OS, then it should be CentOS.

What do "pc Contain a fedora OS" & "(4 PCs Contain XP OS)" mean? -- Is Contain a specific piece of s/w, or are you just unfamiliar w/ the rules of capitalization in English? Did you mean "containing", i.e. "running"?

Before you go any further, please answer the clarifying questions asked by EricTRA, kostya, KenJackson, & me. Until we know your LAN structure, we don't know what danger we are helping you put yourself & your LAN into. From the LQ Rules:
Quote:

  • We would like to stress that you should fully understand what a recommended change may do to your system. You should not give anyone you do not know login information to your system. LinuxQuestions.org cannot be held liable for anything you do as a result of information obtained at this site.
[emphasis & de-emphasis added]

