Problems Pinging the Internet w/this script

Here's a script I'm using to create some tables which will only allow in on ports I'm running services. One of the problems I'm having is that I can't ping the Internet with a DNS address from this machine. I've allowed everything in the OUTPUT table and can ping the Internet when using a straight IP, but when I type in "ping google.com" the machine hangs for a few seconds and gives me a server request error. I know it's something with my rules because when I flush them all I can ping google.com just fine. Any ideas would be greatly appreciated. I'm guessing it's something trivial but can't put my finger on it yet.

thanks

#!/bin/bash
########## Beginning ###########################################################


# Define Interfaces/Networks

   # Inside/Intranet Interface
     INSIDEIP="192.168.7.55"
     INSIDEINT="eth0"

   # External/Internet Interface
   # OUTSIDEIP=
   # OUTSIDEINT=


   # LAN Network
     LAN="192.168.7.0/24"

   # Admin Host
     ADMIN="192.168.7.51"

# Define other Variables

   RULE="/usr/sbin/iptables"

# Flushing All rules/chains, then setting default-deny policies
 $RULE -F INPUT
 $RULE -F OUTPUT
 $RULE -F FORWARD
 $RULE -P INPUT DROP
 $RULE -P OUTPUT DROP
 $RULE -P FORWARD DROP

# Logging (LOG needs -j; it is non-terminating, so placed first it logs every packet)
 $RULE -A INPUT -j LOG
 $RULE -A OUTPUT -j LOG
 $RULE -A FORWARD -j LOG

# Adding Permittable Network/Hosts/Ports to Input Table on Internal Interface

 # Allowing DNS, FTP, SSH, Webmin, HTTP, SWAT, and Samba to Server

$RULE -A INPUT -i $INSIDEINT --proto icmp --icmp-type any -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 21 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp -s $ADMIN --dport 22 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 53 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 80 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 137 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 138 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 139 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 445 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp -s $ADMIN --dport 901 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp -s $ADMIN --dport 10000 -d $INSIDEIP -j ACCEPT


# Denying Everything on Local Network

# Adding entry to allow everything originating from Internal Interface out
$RULE -A OUTPUT -j ACCEPT


########## END ################################################################
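The INPUT chain above accepts ICMP and a fixed set of TCP destination ports but has no rule for replies to connections the host itself opens, so the UDP answer to an outgoing DNS query is dropped while an ICMP echo reply still gets through. The script below is an added example, not the poster's own, that keeps the same interface, addresses and ports but adds a stateful rule; it assumes the conntrack match is available, and IPT can be pointed at echo to print the rules instead of applying them.

```shell
#!/bin/bash
# Added example (not the poster's script): same addresses and ports, plus a
# stateful rule so replies to this host's own DNS queries are accepted.
# Assumes iptables with the conntrack match; IPT=echo gives a dry run.
IPT="${IPT:-/usr/sbin/iptables}"
INSIDEINT="eth0"
INSIDEIP="192.168.7.55"
ADMIN="192.168.7.51"

build_rules() {
  # Flush first, then install default-deny policies on all three chains.
  for chain in INPUT OUTPUT FORWARD; do
    "$IPT" -F "$chain"
    "$IPT" -P "$chain" DROP
  done

  # Loopback, plus anything belonging to a flow this host already started
  # (a UDP DNS answer from port 53 to our ephemeral port is ESTABLISHED).
  "$IPT" -A INPUT -i lo -j ACCEPT
  "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  "$IPT" -A INPUT -m conntrack --ctstate INVALID -j DROP

  # Services open to the whole LAN (new connections only).
  "$IPT" -A INPUT -i "$INSIDEINT" -p icmp -j ACCEPT
  for port in 21 53 80 137 138 139 445; do
    "$IPT" -A INPUT -i "$INSIDEINT" -p tcp --dport "$port" -d "$INSIDEIP" \
      -m conntrack --ctstate NEW -j ACCEPT
  done
  # Management services restricted to the admin host.
  for port in 22 901 10000; do
    "$IPT" -A INPUT -i "$INSIDEINT" -p tcp -s "$ADMIN" --dport "$port" \
      -d "$INSIDEIP" -m conntrack --ctstate NEW -j ACCEPT
  done

  # Log (rate-limited) what is about to hit the DROP policy, then let the
  # host out on loopback and the inside interface.
  "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
  "$IPT" -A OUTPUT -o lo -j ACCEPT
  "$IPT" -A OUTPUT -o "$INSIDEINT" -j ACCEPT
}

# Print the rules instead of applying them (for review and the checks).
dry_run() {
  ( IPT=echo; build_rules )
}

# Returns 0 if the reply-acceptance rule comes before the first per-port rule.
reply_rule_precedes_services() {
  dry_run | awk '/ESTABLISHED,RELATED/ {seen=1} /--dport/ && !seen {exit 1}'
}
```

Run dry_run first to review the generated commands; call build_rules as root to apply them.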


