On Tuesday 2005-November-08 11:08, Micol lupen wrote:
> I have a lan with 10 pc (use win9X) and have ip

Win9x? Ugly!

> //ETHERNET INTERFACE file conf.ps
> !/bin/bash

Missing the # at the beginning of that line. You don't really need a
"shabang" line at all for just running a few simple commands.

> ifconfig eth0 10.10.10.50 netmask 255.255.255.0
> ifconfig eth1 178.133.80.74 netmask 255.255.255.248
> route add -net default gw 178.133.80.73 netmask
> 255.255.255.248
> # END SCRIPT CONF.PS

Slackware will do this for you. Run "netconfig" or just edit
"/etc/rc.d/rc.inet1.conf".

> //--- I WRITE IN /etc/resolv.conf
> NAMESERVER=151.99.125.1

Nope. "nameserver 151.99.125.1".

> //--------FIREWALL SCRIPT firewall.ps

If at /etc/rc.d/rc.firewall, Slackware will run it for you.

> echo 1 > /proc/sys/net/ipv4/ip_forward

Normally this should come at the end. I put a "0" in at the beginning
and then "1" after firewall protections are in place. (Similar to the
script Rob posted just now.)

> $IPTAB -P INPUT DROP
> $IPTAB -P FORWARD DROP

Okay.

> $IPTAB -P OUTPUT DROP

Unless you know exactly what you plan to do with OUTPUT filtering, I
strongly suggest you give it up.

> # FROM LAN TO INTERNET
> $IPTAB -A INPUT -s 10.10.10.0/24 -i eth0 -j ACCEPT

No, that's from LAN to firewall machine. See "man iptables", near the
beginning, where the tables and their built-in chains are described.

> # FORWORDING
> $IPTAB -A FORWARD -i eth0 -s 10.10.10.0/24 -j ACCEPT
> $IPTAB -A FORWARD -i eth1 -d 10.10.10.0/24 -j ACCEPT

Okay. I think that would work, anyway. I do it differently, see next.

> # QUERY DNS (SERVER-> CLIENT)
> $IPTAB -A INPUT -i eth1 -p udp -s $NAMESERVER --sport
> 53 -m state --state ESTABLISHED -j ACCEPT

A simple --state RELATED,ESTABLISHED -j ACCEPT rule along with OUTPUT
policy of ACCEPT would do better. I put that rule in a "State" chain and
jump to State from both INPUT and FORWARD. But that (INPUT) has nothing
to do with your problem below.

> #NAT
> $IPTAB -t nat -A POSTROUTING -o eth1 -s 10.10.10.0/24
> -j SNAT --to $IPADD

Okay.

> WHEN I START TO FIREWALL THE CLIENT CAN'T TO GO TO
> INTERNET, HELP ME !!!!

And how are you diagnosing this? What did you try? What happened?

> P.S. excuse me for my bad english

Your English is fine. Work on your troubleshooting skills. :)
-- 
mail to this address is discarded unless "/dev/rob0" or "not-spam"
is in Subject: header
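
The suggestions in the reply above, assembled into one script as an added example; it is not part of the original message or the script the reply refers to. It assumes `$IPADD` is the eth1 address from the quoted post, and the dry-run default, the `FWD` variable, the initial flush and the loopback rule are additions made for this example.

```shell
#!/bin/sh
# Added example. Dry run by default: commands are printed, not executed.
# To apply as root: IPTAB=/usr/sbin/iptables FWD=/proc/sys/net/ipv4/ip_forward
IPTAB="${IPTAB:-echo iptables}"
FWD="${FWD:-}"                        # empty = only print the forwarding change
LAN_IF=eth0; LAN_NET=10.10.10.0/24    # values from the quoted post
WAN_IF=eth1; IPADD=178.133.80.74      # assumed: the eth1 address in the post

set_forward() {
    if [ -n "$FWD" ]; then echo "$1" > "$FWD"; else echo "ip_forward=$1"; fi
}

firewall_rules() {
    set_forward 0                     # no routing while the rules are loading
    $IPTAB -F                         # start clean so the script can be re-run
    $IPTAB -X
    $IPTAB -t nat -F
    $IPTAB -P INPUT DROP
    $IPTAB -P FORWARD DROP
    $IPTAB -P OUTPUT ACCEPT           # no OUTPUT filtering

    # One chain for reply traffic, jumped to from both INPUT and FORWARD.
    $IPTAB -N State
    $IPTAB -A State -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPTAB -A INPUT -j State
    $IPTAB -A FORWARD -j State

    $IPTAB -A INPUT -i lo -j ACCEPT                      # local services (added here)
    $IPTAB -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT     # LAN to firewall machine
    $IPTAB -A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT   # LAN to internet, new connections
    $IPTAB -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to $IPADD

    set_forward 1                     # route only once protections are in place
}

firewall_rules
```

With the State chain in place, return traffic from eth1 is matched as ESTABLISHED or RELATED, so no blanket FORWARD accept for packets arriving on eth1 is needed.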