Mohamed Nassih wrote:
Hi,
I have this firewall script, the problem is that I can not connect to the webserver (123.45.67.2) from the local network (192.168.1.0).
Please help.
maybe if you...
echo 1 > /proc/sys/net/ipv4/ip_forward
and not
echo 1 > /proc/sys/net(((( ))))/ipv4/ip_forward
echo 1 > /proc/sys/net /ipv4/ip_forward
IPTABLES -F INPUT
IPTABLES -F OUTPUT
IPTABLES -F FORWARD
you could...
iptables -F instead of the three rules from above...
IPTABLES -P INPUT DROP
IPTABLES -P OUTPUT DROP
IPTABLES -P FORWARD DROP
Iptables –A INPUT -i lo –j ACCEPT
Iptables –A OUTPUT -o lo –j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -p tcp -d 123.45.67.2 --destination-port 80 –m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD –p tcp -i eth0 –-source-port 80 –m state --state ESTABLISHED -j ACCEPT
It would be more readable if you....
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -d 123.45.67.2 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p tcp --sport 80 -s 123.45.67.2 -m state --state ESTABLISHED -j ACCEPT
Check if eth0 = wan and eth1 = lan.
PS: Sorry for my English, I never studied it.
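
The suggestions in this reply applied to the posted script, as an added example that is not part of the thread. The function names are hypothetical, and using `ip route show default` for the "eth0 = wan" check is an assumption about how to perform it; the addresses and interfaces are the ones quoted above.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumption taken from the reply: eth0 is the WAN side, eth1 the LAN side.
WAN_IF=eth0
LAN_IF=eth1
WEB=123.45.67.2
LAN_NET=192.168.1.0/24

# Read `ip route show default` output on stdin and print the egress interface.
default_route_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed only if the default route on stdin leaves through $WAN_IF.
wan_matches() {
    [ "$(default_route_iface)" = "$WAN_IF" ]
}

# Print the ruleset as shell commands, one per line, plain ASCII hyphens only.
ruleset() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p tcp --dport 80 -d $WEB -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp --sport 80 -s $WEB -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Apply only when asked for explicitly (needs root): sh firewall.sh apply
if [ "${1:-}" = "apply" ]; then
    ip route show default | wan_matches || {
        echo "default route does not leave through $WAN_IF, check WAN_IF/LAN_IF" >&2
        exit 1
    }
    ruleset | sh
fi
```

Run without arguments, the script changes nothing; `ruleset` can be called on its own to review the commands before applying them.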