----- Original Message -----
From: Jeffrey Laramie <JALaramie@xxxxxxxxxxxxxxxxxxx>
Date: Thursday, January 27, 2005 8:27 pm
Subject: Re: myfirewall help

> On Thursday 27 January 2005 05:13, varun_saa@xxxxxxxx wrote:
> > Hello,
> > My server is Mandrake 10.1
> > eth0 is WAN with static IP connected to 512k DSL
> > eth1 is LAN
> >
> > I am trying to write iptables rules and I am
> > stuck with some error.
> >
> > My iptables file is as follows:
> >
> > # Generated by iptables-save v1.2.9 on Thu Oct 21 05:32:36 2004
> > *nat
> >
> > :OUTPUT ACCEPT [0:0]
> > :PREROUTING ACCEPT [0:0]
> > :POSTROUTING ACCEPT [0:0]
> >
> > -A POSTROUTING -o eth0 -j MASQUERADE
> > COMMIT
> > # Completed on Thu Oct 21 05:32:36 2004
> > # Generated by iptables-save v1.2.9 on Thu Oct 21 05:32:36 2004
> > *mangle
> >
> > :PREROUTING ACCEPT [32056:3889577]
> > :INPUT ACCEPT [32010:3885659]
> > :FORWARD ACCEPT [0:0]
> > :OUTPUT ACCEPT [31637:4617585]
> > :POSTROUTING ACCEPT [31639:4618071]
> >
> > COMMIT
> > # Completed on Thu Oct 21 05:32:36 2004
> > # Generated by iptables-save v1.2.9 on Thu Oct 21 05:32:36 2004
> > *filter
> >
> > :FORWARD ACCEPT [0:0]
> > :INPUT DROP [0:0]
> > :OUTPUT ACCEPT [0:0]
> >
> > -A INPUT -j ACCEPT
> > -A INPUT -s 127.0.0.1 -j ACCEPT
> > -A INPUT -p tcp -m tcp -i eth1 -o eth0 --dport 3128 --sport 80 -j ACCEPT
> > -A INPUT -p udp -m udp -i eth1 -o eth0 --dport 3128 --sport 80 -j ACCEPT
> > COMMIT
> > # Completed on Thu Oct 21 05:32:36 2004
> >
> > When I am trying to save I get the following error:
> >
> > iptables-restore v1.2.9: Can't use -o with INPUT
>
> The error message gives you the answer. You can't use the -o parameter on the
> INPUT chain since by definition the destination is always the local host.
> Remove "-o eth0" from your rules.
>
> Jeff

I am writing firewall rules for the first time. I am writing rules using
webmin -> networking -> linux firewall. First, what do you think of the rule?
Second, is it OK to just remove -o eth0?
Please feel free to correct me.

Thanks
Varun
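Jeff's advice above, turned into a check that can be run before `iptables-restore`, as an added example that is not part of this thread: a POSIX shell lint that flags `-o` on INPUT and `-i` on OUTPUT in an iptables-save dump, plus a second function that strips the offending option the way Jeff suggests. The sample dump is a constructed copy of a few lines in the shape of the posted rules, not the original file.

```shell
#!/bin/sh
# Constructed sample in the shape of the iptables-save dump from the thread
# (not the original file). It contains both rejected combinations.
SAMPLE_RULES='*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 -o eth0 --dport 3128 --sport 80 -j ACCEPT
-A OUTPUT -i eth0 -p udp -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

# lint_iptables_save: read an iptables-save dump on stdin, print every rule
# that uses -o on INPUT or -i on OUTPUT (iptables-restore rejects both,
# because INPUT traffic never leaves on an interface and OUTPUT traffic
# never arrived on one). Returns 1 if anything was flagged, 0 otherwise.
lint_iptables_save() {
    awk '
        /^-A INPUT / && /(^| )(-o|--out-interface)( |$)/ {
            print "INPUT cannot use -o: " $0; bad++
        }
        /^-A OUTPUT / && /(^| )(-i|--in-interface)( |$)/ {
            print "OUTPUT cannot use -i: " $0; bad++
        }
        END { exit (bad > 0) }
    '
}

# fix_iptables_save: same input, but emit a copy with the offending interface
# option and its argument removed, as Jeff suggests. Rules on other chains
# (FORWARD may legitimately use both -i and -o) pass through unchanged.
fix_iptables_save() {
    awk '
        /^-A INPUT /  { sub(/ (-o|--out-interface) [^ ]+/, "") }
        /^-A OUTPUT / { sub(/ (-i|--in-interface) [^ ]+/, "") }
        { print }
    '
}

# Demonstration: report the problems, then print the corrected dump.
printf '%s\n' "$SAMPLE_RULES" | lint_iptables_save \
    || echo "dump contains rules iptables-restore will reject"
printf '%s\n' "$SAMPLE_RULES" | fix_iptables_save
```

The lint only catches the error iptables-restore itself reports; it does not flag the unconditional `-A INPUT -j ACCEPT` at the top of the posted INPUT chain, which matches every packet before the later, more specific rules are reached.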