Hi guys, first, sorry for my bad English, that's because I am from Venezuela!
I'm trying to build a firewall with policy INPUT, OUTPUT and FORWARD DROP, but I am a kid in Linux, so... I have already read too many man pages, --help and blah blah blah, and I think everything I read is nice, but but but! I have 2 NICs: eth0 (internet) and eth1 (LAN), my LAN is 192.168.0.0/24... my firewall also has squid and gives DNS to the LAN... with policies ACCEPT everything works fine, but I want to test with policies DROP; with DROP my firewall has a normal connection, but my LAN has nothing.... So I am asking if somebody can help me... here is my script...
Code:
#!/bin/sh
# flush all rules, delete user chains and zero counters in every table
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -F
iptables -t mangle -X
iptables -t mangle -Z
# default policies: drop everything that no rule accepts
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
# loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# HTTP: the firewall as server (dport 80 in, sport 80 out) and as client (dport 80 out, sport 80 in)
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
# HTTPS: the firewall as client only
iptables -A INPUT -p tcp -m tcp --sport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
# DNS: the firewall's own lookups against the two upstream resolvers
iptables -A INPUT -s 200.44.32.12 -p udp -m udp --sport 53 -j ACCEPT
iptables -A OUTPUT -d 200.44.32.12 -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -s 200.11.248.12 -p udp -m udp --sport 53 -j ACCEPT
iptables -A OUTPUT -d 200.11.248.12 -p udp -m udp --dport 53 -j ACCEPT
# LAN -> firewall: everything from eth1 is accepted; firewall -> LAN: only ICMP is accepted
iptables -A INPUT -s 192.168.0.0/24 -i eth1 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/24 -p icmp -j ACCEPT
# transparent proxy redirect for LAN web traffic (this line is cut off in the post after "-$")
iptables -t nat -A PREROUTING -i eth1 -s 192.168.0.0/24 ! -d 192.168.0.0/24 -p tcp --dport 80 -$
# NAT for the LAN towards the internet; forwarding is unrestricted
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tap+ -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
# OpenVPN (UDP 1194) on eth0 and anything on the tap+ tunnel interfaces
iptables -A INPUT -i eth0 -p udp -s 0.0.0.0/0 -d 0.0.0.0/0 --sport 1194 --dport 1194 -j ACCEPT
iptables -A OUTPUT -o eth0 -p udp -s 0.0.0.0/0 -d 0.0.0.0/0 --sport 1194 --dport 1194 -j ACCEPT
iptables -A INPUT -i tap+ -p all -j ACCEPT
iptables -A OUTPUT -o tap+ -p all -j ACCEPT
So guys... there are no rules here that let my LAN get internet..., so guys, can somebody help me with this? I just need the PCs in my LAN to be able to get DNS from my firewall and get internet (80 and 443) through my firewall... thanks for any reply.
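A stateful DROP-policy ruleset for the setup described in the post (eth0 internet, eth1 LAN 192.168.0.0/24, squid and a DNS resolver on the firewall), added here as an example and not part of the original post or its script. It assumes squid listens on TCP 3128 (the redirect target is cut off in the posted script) and emits iptables-restore format so the whole set loads atomically instead of rule by rule.

```shell
#!/bin/sh
# Added example, not the poster's script: a DROP-policy ruleset for the setup
# in the post (eth0 = internet, eth1 = LAN 192.168.0.0/24, squid and a DNS
# resolver on the firewall), emitted in iptables-restore format so it can be
# loaded atomically. Assumption not in the post: squid listens on TCP 3128.
LAN_IF=eth1; WAN_IF=eth0; LAN_NET=192.168.0.0/24; SQUID_PORT=3128

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# transparent proxy: LAN web traffic bound for the internet goes to squid
-A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# replies to anything already accepted; the posted script has no such OUTPUT
# rule, so the firewall's own DNS answers to LAN clients are dropped there
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# services the LAN may ask the firewall for: DNS, the proxy (post-REDIRECT port), ping
-A INPUT -i $LAN_IF -s $LAN_NET -p udp --dport 53 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 53 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
# connections the firewall itself may start: resolver lookups, squid fetches
-A OUTPUT -o $WAN_IF -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $WAN_IF -p tcp -m multiport --dports 53,80,443 -j ACCEPT
# LAN hosts reach the internet directly only for HTTPS; HTTP goes via squid
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# as root: sh thisscript.sh load   (ip_forward must still be 1, as in the post)
case "${1:-}" in
  load) gen_rules | iptables-restore ;;
esac
```

Run it without arguments to print the ruleset and review it before loading; with a DROP policy on OUTPUT, the ESTABLISHED,RELATED rule is what lets the firewall answer the LAN at all.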