Firewall troubles

Hello all,

I'm running Debian 3.0r1 stable with all security and usual updates. I was
running a firewall which is sent with this e-mail as attachment.

It was running fine, but recently my HDD died and recovery was too expensive
and not necessary because I had a backup. I installed Debian again, did all
updates and I wanted to load the firewall, but when I load this one, my remote
login hangs, I can't ping my server anymore and my network isn't working
anymore, but the script has run fine before. What is the problem? At this
moment ipmasq is also installed to keep my network running; this is
conflicting, I know, but I don't know anything else.

Can someone point me in the right direction? I'm using Linux/Debian from
November 2002, so my knowledge is very small.

HTH,

Willem-Jan Meijer
Netherlands

Windows: Where do you want to go today?
MacOS:   Where do you want to be tomorrow?
Linux:   Are you coming or what?

#!/bin/sh
# Firewall script attached to the message above, with comments added, the
# "eht0" typo corrected and IP forwarding switched on.
echo -n "IPTables Firewall."
IPTABLES="/sbin/iptables"

#FLUSH
# Flushing removes rules but does not reset chain policies. If INPUT is still
# DROP from an earlier run, nothing is accepted until the rules below are back.
echo -n "Flush all tables."
$IPTABLES --flush
echo -n "."
$IPTABLES --table nat --flush
echo -n "."
$IPTABLES --delete-chain
echo -n "."
$IPTABLES --table nat --delete-chain
echo ". done"

echo -n " Setting up masquerading rules."
# Set up IPFORWARDing and Masquerading
# The attachment never enabled forwarding in the kernel; without it the
# FORWARD chain and the MASQUERADE rule see no packets at all.
echo 1 > /proc/sys/net/ipv4/ip_forward
# NOTE: this masquerades traffic leaving on eth1, while the INPUT rules below
# treat eth0 as the filtered (Internet) side and eth1 as the trusted side. If
# that is the layout, the MASQUERADE rule belongs on --out-interface eth0.
$IPTABLES --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
echo -n "."
# FORWARD keeps its default ACCEPT policy, so this rule only makes it explicit.
$IPTABLES --append FORWARD --in-interface eth1 -j ACCEPT
echo ". done"

echo -n "Setting rules for loopback device."
# Allow loopback access.
$IPTABLES -A INPUT -i lo -p all -j ACCEPT
echo -n "."
$IPTABLES -A OUTPUT -o lo -p all -j ACCEPT
echo -n "."

echo -n "Setting rules for eth0 device."
# accept established connections
# The attachment had "-i eht0" here. iptables does not check that an interface
# exists, so the rule loaded without error but never matched, and replies
# arriving on eth0 to connections the server itself opened were dropped by
# the INPUT policy.
$IPTABLES -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo -n "."
#$IPTABLES -A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
#echo -n "."
# Services reachable on eth0: FTP (21), SSH (22), SMTP (25), HTTP (80) and
# POP3 (110). These all run over TCP; the udp rules are harmless but match
# nothing useful.
$IPTABLES -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 21 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 22 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 25 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 25 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 80 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 80 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p tcp -i eth0 --dport 110 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 110 -j ACCEPT
echo -n "."
# High port range opened by the author (its purpose is not stated in the message).
$IPTABLES -A INPUT -p tcp -i eth0 --dport 65500:65535 -j ACCEPT
echo -n "."
$IPTABLES -A INPUT -p udp -i eth0 --dport 65500:65535 -j ACCEPT
echo -n "."
# All ICMP types are accepted on eth0, echo-request included, so the server
# answers ping.
$IPTABLES -A INPUT -p icmp -i eth0 -j ACCEPT
echo ". done"

echo -n " Setting rules for eth1 device."
# Accept all incoming connections
$IPTABLES -A INPUT -i eth1 -p all -j ACCEPT
echo ". done"

echo -n " Drop all other connection attempts."
# The policy is set last, after the accept rules are in place. Only INPUT is
# restricted; FORWARD and OUTPUT keep the default ACCEPT policy.
$IPTABLES -P INPUT DROP
echo ". done"
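
Two checks worth running before loading a ruleset like the one above over a remote login, as an added example that is not part of the original message or its attachment. First, iptables does not verify that an interface named with -i or -o exists, so a misspelt name such as "eht0" loads silently and simply never matches; the script below lists every interface a ruleset mentions and compares them with what the kernel exposes in /sys/class/net. Second, loading rules with a timed rollback means a mistake that cuts the session off undoes itself instead of locking the operator out. The function names, the rollback wrapper and the sample ruleset are constructed for this example; the rollback needs root and a real iptables and is not run in the demo.

```shell
#!/bin/sh
# Added example (not the original poster's script). Function names, the
# rollback wrapper and the sample ruleset below are made up for this example.

# Print the interface names a ruleset script refers to, one per line, sorted.
# Comment lines are skipped. $1: path of the script.
fw_list_ifaces() {
    grep -v '^[[:space:]]*#' "$1" \
        | grep -oE '(-i|-o|--in-interface|--out-interface)[[:space:]]+[A-Za-z0-9_.+-]+' \
        | awk '{ print $2 }' \
        | sort -u
}

# Return 1 and name the offenders if the script mentions an interface that
# does not exist. $1: script path; $2: optional space-separated list of real
# interface names (defaults to what the kernel exposes in /sys/class/net).
fw_check_ifaces() {
    script=$1
    real=${2:-$(ls /sys/class/net 2>/dev/null | tr '\n' ' ')}
    rc=0
    for dev in $(fw_list_ifaces "$script"); do
        case " $real " in
            *" $dev "*) ;;
            *) echo "no such interface: $dev" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Load a ruleset with a safety net: a background job waits $2 seconds
# (default 60) and then opens the firewall completely. Kill it once the
# session has proven it still works. Needs root and iptables; not run below.
fw_apply_with_rollback() {
    script=$1; grace=${2:-60}; ipt=${IPTABLES:-/sbin/iptables}
    (
        sleep "$grace"
        for chain in INPUT FORWARD OUTPUT; do "$ipt" -P "$chain" ACCEPT; done
        "$ipt" -F; "$ipt" -X; "$ipt" -t nat -F; "$ipt" -t nat -X
    ) &
    rollback=$!
    sh "$script"
    echo "rules loaded; run 'kill $rollback' within $grace s to keep them" >&2
    echo "$rollback"
}

# Constructed sample ruleset carrying the same typo as the attachment ("eht0").
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
IPTABLES=/sbin/iptables
$IPTABLES -A INPUT -i lo -p all -j ACCEPT
$IPTABLES -A INPUT -i eht0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
#$IPTABLES -A INPUT -i ppp0 -j ACCEPT
$IPTABLES --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
EOF

# Demo against a pretend host that has lo, eth0 and eth1: "eht0" is reported.
if fw_check_ifaces "$SAMPLE_RULES" "lo eth0 eth1"; then
    echo "interface check passed"
else
    echo "interface check failed: fix the script before loading it"
fi
```

On the real host, run `fw_check_ifaces /path/to/firewall` with no second argument to compare against the live interface list, and load with `fw_apply_with_rollback /path/to/firewall 120` from the remote session; if the session survives, kill the printed PID, otherwise wait two minutes and log in again.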
