Re: Firewall frustration




Thanks, I will read this through a bit later. Perhaps I was making more of it than needed, but my attempts were not working. And all I was trying for at first was to allow SSH through.

Steven Haigh wrote:

On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote:
I spent much of the past 24 hours trying to find out how to set up iptables for firewall routing WITHOUT NATing. Could not find anything.


*boggle* Is it really that hard?

## Clear up whatever is in there at the moment.
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -t nat -F POSTROUTING

## Accept anything related to existing connections
iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT

## I want to allow incoming port 80 to 1.2.3.4
iptables -A FORWARD -i ppp0 -d 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

## I want to allow incoming port 123 (ntp) to 1.2.3.6
iptables -A FORWARD -i ppp0 -d 1.2.3.6 -p udp -m udp --dport 123 -j ACCEPT

## Let's block ALL other incoming things
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP

There you go. That's a very basic firewall using iptables in about 3 minutes :)

--
Steven Haigh

Email: netwiz@xxxxxxxxx
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897



_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

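The rule set below is an added example, not code from Steven's or Robert's messages, written to show the same routed, non-NAT setup the thread discusses in the form a practitioner would review and load today: a complete iptables-restore file with default-DROP policies, loaded atomically rather than one `iptables -A` at a time. It also covers the case Robert was after (inbound SSH to one routed host) and adds the LAN-to-WAN rule that inside hosts need to open connections outward, which a FORWARD chain that ends in an unconditional DROP otherwise blocks. The interface names WAN_IF and LAN_IF, the SSH_HOST address and the rate-limited LOG rule are assumptions of this example, not details from the thread; `-m conntrack --ctstate` is the current spelling of the `-m state --state` match used in the post.

```shell
#!/bin/sh
# Added example (not the thread's code): a routed, no-NAT firewall as an
# iptables-restore rule set, plus a sanity check run before loading it.
# Assumed names: WAN_IF, LAN_IF and SSH_HOST are this example's own choices;
# 1.2.3.5 is a constructed address in the same routed block as the post's hosts.
set -u

WAN_IF="${WAN_IF:-ppp0}"         # upstream link, as in the post
LAN_IF="${LAN_IF:-eth0}"         # assumed inside interface
SSH_HOST="${SSH_HOST:-1.2.3.5}"  # constructed: inside host that may take SSH

# Print the rule set. Default policies are DROP on INPUT and FORWARD, so only
# listed traffic passes, and there is no *nat table, so nothing is rewritten.
gen_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies for connections the firewall itself opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Management SSH to the firewall only from the inside
-A INPUT -i $LAN_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Replies for any forwarded flow, whichever side started it
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Inside hosts may open connections outward
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
# From outside, only new SSH to one routed host is let through
-A FORWARD -i $WAN_IF -o $LAN_IF -d $SSH_HOST -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Log (rate limited) what the default DROP policy is about to discard
-A FORWARD -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
COMMIT
EOF
}

# Checks a reviewer would run before loading: both policies are DROP, no nat
# table is present, and every rule accepting NEW traffic from the WAN names a
# destination host. Returns 0 when all checks pass, 1 otherwise.
check_ruleset() {
    rules="$(gen_ruleset)"
    printf '%s\n' "$rules" | grep -q '^:INPUT DROP'   || return 1
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' || return 1
    if printf '%s\n' "$rules" | grep -q '^\*nat'; then
        return 1
    fi
    if printf '%s\n' "$rules" | grep -- "^-A FORWARD -i $WAN_IF" \
            | grep -- '--ctstate NEW' | grep -qv -- '-d '; then
        return 1
    fi
    return 0
}

# Usage (needs root and the iptables tools; nothing below runs here):
#   gen_ruleset | iptables-restore --test          # parse only, kernel untouched
#   sysctl -w net.ipv4.ip_forward=1                # routing must be on
#   check_ruleset && gen_ruleset | iptables-restore
if [ "${1:-}" = "show" ]; then
    gen_ruleset
fi
```

Loading with iptables-restore replaces the whole filter table in one step, so there is never a moment between the flush and the last `-A` where the box is open, which is the window a rule-by-rule script leaves. The LOG rule sits last on purpose: it only sees packets that no ACCEPT matched, so the log shows exactly what the policy dropped.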
