Dear all
I want to share internet access on my LAN and my configurations are as below. (see picture)
Is my NAT configuration correct? I want to allow only some users to access the internet and check mail using Outlook Express.
Thanks for helping.
Rgds
gy
iptables -vnL

> Chain INPUT (policy DROP 485 packets, 51391 bytes)
>  pkts bytes target prot opt in  out source    destination
>     0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp spt:53
>    21  4504 ACCEPT udp  --  *   *   0.0.0.0/0 0.0.0.0/0   udp spt:53
>     0     0 ACCEPT udp  --  *   *   0.0.0.0/0 0.0.0.0/0   udp spt:80
>   813  704K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp spt:80
>     0     0 ACCEPT udp  --  *   *   0.0.0.0/0 0.0.0.0/0   udp spt:443
>    16  3793 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp spt:443
>     0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state RELATED,ESTABLISHED
>     0     0 ACCEPT all  --  lo  *   0.0.0.0/0 0.0.0.0/0
This is the traffic into the firewall host from both NICs. It's a good idea to put the ESTABLISHED, RELATED rule near the top of the chain. Also, it should not be limited to the loopback interface.
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target prot opt in   out  source    destination
>     0     0 ACCEPT all  --  eth1 eth0 0.0.0.0/0 0.0.0.0/0   state RELATED,ESTABLISHED
>     0     0 ACCEPT all  --  eth0 eth1 0.0.0.0/0 0.0.0.0/0
This is the chain that carries the traffic between the LAN and the outside world. You have it wide open and are not filtering anything. I recommend you set the default policy to drop and only open the ports you need (80, 63, etc.). BTW, nice graphic :-)
Jeff
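A ruleset in the shape Jeff describes (DROP defaults, stateful rule at the top of each chain, only named LAN hosts allowed out on the ports they need, masquerading for NAT), added here as an example; it is not either poster's configuration. It assumes eth0 is the LAN side and eth1 the internet side (inferred from the FORWARD rules in the post), and the host list and port list are constructed.

```shell
#!/bin/sh
# Example NAT/filter ruleset, not the original poster's config.
# ASSUMPTIONS: eth0 = LAN, eth1 = internet (inferred from the post's
# FORWARD rules); ALLOWED_HOSTS and TCP_PORTS are constructed values.
# Run with IPT=echo SYSCTL=echo to preview the commands without applying.
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"
LAN_IF=eth0
WAN_IF=eth1
ALLOWED_HOSTS="192.168.1.10 192.168.1.11"   # constructed: the users allowed out
# Web, DNS and Outlook Express mail (POP3, SMTP); add 143/993/995 if needed.
TCP_PORTS="80 443 53 110 25"

apply_rules() {
    # Clean slate, DROP by default on INPUT and FORWARD.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Stateful rules first. They replace the "spt:80"-style rules from the
    # post, which accept anything that merely picks a matching source port.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the listed LAN hosts may open NEW connections to the internet,
    # and only to the listed TCP ports plus UDP DNS.
    for host in $ALLOWED_HOSTS; do
        for port in $TCP_PORTS; do
            $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$host" \
                 -p tcp --dport "$port" -m state --state NEW -j ACCEPT
        done
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$host" \
             -p udp --dport 53 -j ACCEPT
    done

    # NAT: rewrite LAN traffic leaving via the WAN interface.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    $SYSCTL -w net.ipv4.ip_forward=1
}

# "sh nat.sh apply" as root applies the rules; no argument does nothing.
case "${1:-}" in
    apply) apply_rules ;;
esac
```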