FTP, Kazaa, Internet, ICQ and access the IMAP server of Netscape with my Netscape Client

"Daniel Arjona" <darjona@xxxxxxxxxxxxxxx> · Mon, 25 Aug 2003 15:34:42 -0500

Hello:

I tried to configure an iptables firewall, but i can't.  I need cofigure
this to use FTP, Kazaa, Internet, ICQ and access the IMAP server of Netscape
with my Netscape Client.
I'm a Linux newbie.
Please Help me!!!

Regards,

DANIEL ARJONA
PD:  SEE MY IPTABLES SCRIPT

## eth1 = my local interface
## eth0 = public network interface
## XXX.XXX.XXX.0/24 = My local subnet

## FLUSH
iptables -F
iptables -X
iptables -Z
iptables -t nat -F

## DEFAULT POLICIES
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

## LOCAL HOST
iptables -A INPUT -i lo -j ACCEPT

## ACCEPT ACCESS FROM THE LOCAL NETWORK & LOCAL INTERFACE
iptables -A INPUT -s XXX.XXX.XXX.0/24 -i eth1 -j ACCEPT

## SMTP Port
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 25 -j ACCEPT

## POP3 Port
iptables -A INPUT -s 0.0.0.0/0 -p tcp --dport 110 -j ACCEPT

## FORWARDS TO HTTP PORT
iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 80 -j ACCEPT

## FORWARDS TO HTTPS PORT
iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 443 -j ACCEPT

## FORWARDS TO IMAP PORT
iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 143 -j ACCEPT

## FORWARDS TO KAZAA PORT
iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 1214 -j
ACCEPT

## FORWARD TO DNS QUERIES PORT
iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p udp --dport 53 -j ACCEPT

## FORWARDS TO FTP PORT
iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -p tcp --dport 21 -j ACCEPT

## DENIED FORWARD FOR THE OTHERS PORTS
iptables -A FORWARD -s XXX.XXX.XXX.0/24 -i eth1 -j DROP

## MASQUERADING OF THE LOCAL NETWORK
iptables -t nat -A POSTROUTING -s XXX.XXX.XXX.0/24 -o eth0 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -A INPUT -s 0.0.0.0/0 -i eth0 -p tcp --dport 1:1024 -j DROP
iptables -A INPUT -s 0.0.0.0/0 -i eth0 -p udp --dport 1:1024 -j DROP

## CLOSE WEBMIN PORT
iptables -A INPUT -s 0.0.0.0/0 -i eth0 -p tcp --dport 10000 -j DROP

echo " OK . Verifique que lo que se aplica con: iptables -L -n"

# END