Hi,

I'm using Fedora Core 2 and was trying iptables for the first time. I'm setting up a firewall between the Internet and my private network, where my server (behind the firewall) is running FTP (wu-ftpd) and SMB.

My iptables configuration should:

1. Filter all incoming FTP requests (it should be able to filter a specific IP coming from the public network).
2. Block SMB requests from the Internet.
3. Drop all ports that are not being used by SMB and FTP.
4. Allow browsing the Internet.

My current iptables config is not working at all... Please help!

>>>>>Current Setup<<<<<<

Server setup: 1 network card with a private IP (eth0), behind the firewall.

iptables config from the firewall, which is also used as a gateway.

Network cards:
eth0 -- static IP from ISP
eth1 -- private IP

FromInternetSourceIP = '222.222.222.222' sample ip
LocalIPFTPSMB = '192.168.0.2'

iptables -F
iptables -t nat -F
iptables -t mangle -F

# Set the default policy
iptables -t filter -A INPUT -j DROP

#Allow FTP Connection from this source ip
iptables -t filter -A INPUT -p tcp -s 192.168.0.1/24 -d $LocalIPFTPSMB --dport 20:21 -j ACCEPT
iptables -t filter -A INPUT -p tcp -s $FromInternetASourceIP -d LocalIPFTPSMB --dport 20:21 -j ACCEPT

# Smb Connections allowed from 192.168.0.1/24 network
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.1/24 -d LocalIPFTPSMB --sport 137:139 -j ACCEPT

#Connect all WWW traffic using port 80
iptables -t nat -A POSTROUTING -s 192.168.0.1/24 -d 0/0 -p tcp --dport 80 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.1/24 -d 0/0-p tcp --dport 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.1/24 -d 0/0-p udp --dport 53 -j MASQUERADE

#For logging
iptables -A OUTPUT -j LOG
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

Milo
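
A gateway rule set for the four goals listed in the post, as an added example that is not part of the original post. It assumes the topology described there (eth0 public, eth1 private, server 192.168.0.2 reached through DNAT on the gateway) and, as a further assumption, also allows port 443 for browsing; the variable and function names are made up for this example.

```shell
#!/bin/sh
# Added example. Dry run by default: each command is printed, not executed.
# To apply, run as root with RUN set to the empty string.
RUN="${RUN-echo}"
WAN_IF=eth0                      # public interface (from the post)
LAN_IF=eth1                      # private interface (from the post)
LAN_NET=192.168.0.0/24
FTP_SERVER=192.168.0.2           # FTP/SMB server behind the firewall
ALLOWED_FTP_SRC=222.222.222.222  # sample public client IP from the post

firewall_rules() {
    # Gateway prerequisites: routing, and the FTP helpers that let data
    # channels match RELATED (nf_conntrack_ftp/nf_nat_ftp on newer kernels).
    $RUN sysctl -w net.ipv4.ip_forward=1
    $RUN modprobe ip_conntrack_ftp
    $RUN modprobe ip_nat_ftp
    $RUN iptables -F
    $RUN iptables -t nat -F
    # Default deny is a chain policy. An appended "-j DROP" as the first
    # rule would match every packet before any ACCEPT is reached.
    $RUN iptables -P INPUT DROP
    $RUN iptables -P FORWARD DROP
    $RUN iptables -P OUTPUT ACCEPT
    # Packets addressed to the firewall itself: loopback and replies only.
    $RUN iptables -A INPUT -i lo -j ACCEPT
    $RUN iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets routed through the firewall traverse FORWARD, not INPUT.
    $RUN iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Goal 1: FTP control channel from one public address, DNATed inward.
    $RUN iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp -s "$ALLOWED_FTP_SRC" \
        --dport 21 -j DNAT --to-destination "$FTP_SERVER"
    $RUN iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -s "$ALLOWED_FTP_SRC" \
        -d "$FTP_SERVER" --dport 21 -m state --state NEW -j ACCEPT
    # Goal 4: LAN browsing. Port 443 is an assumption; the post lists 80 and 53.
    for port in 80 443 53; do
        $RUN iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp \
            --dport "$port" -m state --state NEW -j ACCEPT
    done
    $RUN iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $RUN iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    # Goals 2 and 3: no SMB or other port is accepted from the WAN, so those
    # packets reach the end of the chain, get logged, and hit the DROP policy.
    $RUN iptables -A INPUT -j LOG --log-prefix "IN-DROP "
    $RUN iptables -A FORWARD -j LOG --log-prefix "FWD-DROP "
}

firewall_rules
```

LAN clients reach the server's FTP and SMB ports directly over the 192.168.0.0/24 segment, so that traffic never crosses the gateway and needs no rule here.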