LinuxQuestions.org
Old 08-05-2007, 10:36 AM   #1
ComputerHermit_
LQ Newbie
 
Registered: Feb 2007
Distribution: Ubuntu 7.10 Mint 4.0
Posts: 23

Rep: Reputation: 15
iptables forwarding


Hi everyone, I'm a bit confused. I've been reading about iptables and IP forwarding. What I'm confused about is this: if I turn on IP forwarding, will my computer act like a router? If I turn off IP forwarding, will it not act like a router?
 
Old 08-05-2007, 11:00 AM   #2
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
Enabling IP forwarding will allow data on the internal set NIC to send its data to the WAN outside NIC if that is its required destination. But it will not allow outside connections to internal machines on the other NIC unless other rules are added. So in essence you get the very basics of a store-bought router, but add needed rules to block all ports on the WAN NIC unless they are needed open.

Brian
 
Old 08-05-2007, 11:00 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Yes, IP forwarding *is* routing, i.e. forwarding a packet when it is not intended for IP addresses held locally to that machine. There is more to it than just that when done correctly, but that does essentially make it a router.
 
Old 08-05-2007, 11:18 AM   #4
ComputerHermit_
LQ Newbie
 
Registered: Feb 2007
Distribution: Ubuntu 7.10 Mint 4.0
Posts: 23

Original Poster
Rep: Reputation: 15
Thanks, guys, for your quick reply. This is the other thing that I'm confused about. Let me explain: in the town I live in we have free wireless bubbles, and being poor as me this is a good thing. Anyway, I have to block some people's MAC addresses from my computer.

Now, will their computers still be able to browse the Internet on the router even though I block them off of my computer? To my knowledge they should, but I need better input. This is why I did not want my computer to act like a router.
 
Old 08-05-2007, 12:00 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by ComputerHermit_
Thanks, guys, for your quick reply. This is the other thing that I'm confused about. Let me explain: in the town I live in we have free wireless bubbles, and being poor as me this is a good thing. Anyway, I have to block some people's MAC addresses from my computer.
Is your computer the router too? And also, why are these people not blocked from your computer in the first place? Are you running services on it?

Quote:
Now, will their computers still be able to browse the Internet on the router even though I block them off of my computer? To my knowledge they should, but I need better input. This is why I did not want my computer to act like a router.
If your computer is the router, then blocking connections from the clients to the router will not affect the connections they can make through the router. It's two separate issues (INPUT vs. FORWARD chains).
 
Old 08-05-2007, 12:51 PM   #6
ComputerHermit_
LQ Newbie
 
Registered: Feb 2007
Distribution: Ubuntu 7.10 Mint 4.0
Posts: 23

Original Poster
Rep: Reputation: 15
win32sux, thanks.
My computer is not the router; I know this after asking here. My computer has no services on it, but some of the other people's computers have the MS browser service running. Those computers I block. Thanks again.
 
Old 08-06-2007, 01:20 AM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by ComputerHermit_
win32sux, thanks.
My computer is not the router; I know this after asking here. My computer has no services on it, but some of the other people's computers have the MS browser service running. Those computers I block. Thanks again.
In that case just block all incoming connections to your computer - not just from some MACs. MACs can be easily spoofed, making your rules completely ineffective. Besides, blocking all non-necessary incoming connections is a good idea either way. Here's the basic commands for this (assuming you have not changed the default iptables settings yet):
Code:
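# Default policy: drop any inbound packet that no rule below accepts
iptables -P INPUT DROP
# Accept replies to connections this machine started
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept traffic on the loopback interface
iptables -A INPUT -i lo -j ACCEPT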
You should probably do some reading-up on iptables and stuff, depending on how much sense the above commands make to you. A good place to start is Wikipedia. There's some good links at the bottom of the page.
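
Added example (not part of the thread, and not any poster's code): a small auditor that reads an `iptables-save` dump and reports whether the host has the default-deny INPUT baseline from post #7, whether it still relies on MAC matching, and whether FORWARD is open while the kernel is actually routing. The two sample dumps, the MAC address and the finding names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an iptables-save dump against
# the host baseline in post #7. Sample dumps below are constructed.

sample_mac_blocklist() {   # open policy plus a per-MAC DROP rule
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m mac --mac-source 00:11:22:33:44:55 -j DROP
COMMIT
EOF
}

sample_baseline() {        # state after the three commands in post #7
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# audit_ruleset IP_FORWARD < dump
# IP_FORWARD is the content of /proc/sys/net/ipv4/ip_forward (0 or 1).
# Prints one finding name per line; the finding names are made up here.
audit_ruleset() {
  awk -v fwd="${1:-0}" '
    /^\*/               { table = substr($0, 2) }
    table != "filter"   { next }
    /^:INPUT /          { inpol = $2 }
    /^:FORWARD /        { fwpol = $2 }
    /^-A INPUT / && /--mac-source/                { mac = 1 }
    /^-A INPUT / && /ESTABLISHED/ && /-j ACCEPT/  { est = 1 }
    /^-A INPUT / && /-i lo / && /-j ACCEPT/       { lo = 1 }
    END {
      if (inpol != "DROP") print "INPUT_POLICY_NOT_DROP"
      if (!est)            print "NO_ESTABLISHED_ACCEPT"
      if (!lo)             print "NO_LOOPBACK_ACCEPT"
      if (mac)             print "MAC_MATCH_SPOOFABLE"
      # FORWARD only matters when the kernel is actually routing
      if (fwd == 1 && fwpol == "ACCEPT") print "FORWARD_OPEN_WHILE_ROUTING"
    }'
}
```

On a live host, run as root: `iptables-save | audit_ruleset "$(cat /proc/sys/net/ipv4/ip_forward)"`. No output means the INPUT baseline is in place and nothing is being forwarded through an open FORWARD chain.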
 
Old 08-06-2007, 12:32 PM   #8
ComputerHermit_
LQ Newbie
 
Registered: Feb 2007
Distribution: Ubuntu 7.10 Mint 4.0
Posts: 23

Original Poster
Rep: Reputation: 15
win32sux,
Thanks. I have been reading up on iptables and I'm understanding it a bit better than I did, thanks a lot. I was trying to look for info on using iptables to stop or filter ARP requests from computers on the wireless network coming in to this computer. Any ideas?
 
  

