RE: Help with a firewall script


John,

Thanks a million.  That was exactly what I was looking for. (and the
examples made sense)

Merry Christmas!

John

-----Original Message-----
From: John A. Sullivan III [mailto:jsullivan@xxxxxxxxxxxxxxxxxxx] 
Sent: Saturday, December 24, 2005 4:11 PM
To: John P. Lang
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: Help with a firewall script

The first rule changes the source address so the packet can traverse the
internet. The second rule is allowing the outbound packet but you will
need a rule to allow the reply packets such as:

iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

You can find an excellent tutorial at
http://iptables-tutorial.frozentux.net
There are also some slightly dated training slide shows in the training
section of the ISCS network security management project web site at
http://iscs.sourceforge.net

Hope it helps - John

On Sat, 2005-12-24 at 14:29 -0800, John P. Lang wrote:
> John,
> 
> This is exactly where my confusion lies... I thought that
> 
> > $IPT --table nat --append POSTROUTING --out-interface $EXTNIC -j MASQUERADE
> > 
> > $IPT --append FORWARD --in-interface $INTNIC -j ACCEPT
> 
> Would basically allow all of the traffic to go through.
> Can you point me to a proper tutorial or example on how to properly do this?
> 
> Thanks,
> John
> 
> > 
> After a very quick look, it appears that you are allowing outbound
> traffic from the internal NIC but where are you allowing the reply
> packets? Do you have a RELATED,ESTABLISHED rule anywhere? - John
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

Financially sustainable open source development
http://www.opensourcedevel.com
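A minimal, complete version of the ruleset the thread arrives at, as an added example (not code from either poster): it pairs the two rules John Lang quoted with the ESTABLISHED,RELATED rule John Sullivan recommends, under a deny-by-default FORWARD policy, and tightens the outbound rule to NEW connections leaving via the external NIC. $IPT, $EXTNIC and $INTNIC are the thread's own variable names; the default interface names eth0/eth1 and the apply_forwarding_rules function name are assumptions.

```shell
#!/bin/sh
# Stateful NAT gateway ruleset (added example, not from the thread).
# Assumptions: $EXTNIC faces the internet, $INTNIC faces the LAN, and $IPT is
# the iptables binary. Set IPT="echo iptables" to print the rules instead of
# loading them. Kernel forwarding (net.ipv4.ip_forward=1) must be enabled
# separately; this script does not touch sysctl.
IPT="${IPT:-iptables}"
EXTNIC="${EXTNIC:-eth0}"
INTNIC="${INTNIC:-eth1}"

apply_forwarding_rules() {
    # Deny by default: only traffic matched below is forwarded. This script
    # owns the FORWARD chain and nat/POSTROUTING, so both are flushed first
    # to make re-running it idempotent.
    $IPT --policy FORWARD DROP
    $IPT --flush FORWARD
    $IPT --table nat --flush POSTROUTING

    # Rule 1 (from the thread): rewrite the source address of LAN packets
    # leaving via $EXTNIC so replies from the internet come back to us.
    $IPT --table nat --append POSTROUTING --out-interface "$EXTNIC" -j MASQUERADE

    # Rule 2 (the one Sullivan points out was missing): accept reply packets
    # of connections conntrack already knows. Without it the outbound SYN
    # leaves, but the returning SYN/ACK hits the DROP policy and the
    # connection never completes. RELATED also covers ICMP errors and
    # helper-tracked secondary connections such as FTP data.
    $IPT --insert FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Rule 3 (Lang's rule, tightened): new connections are forwarded only
    # when they enter on the LAN NIC and exit on the internet NIC. Unsolicited
    # packets arriving on $EXTNIC match nothing and are dropped.
    $IPT --append FORWARD --in-interface "$INTNIC" --out-interface "$EXTNIC" \
        -m state --state NEW -j ACCEPT
}

# Run "sh firewall.sh apply" as root to load the rules; with no argument the
# function is only defined, so the file can be sourced or dry-run.
if [ "${1:-}" = "apply" ]; then
    apply_forwarding_rules
fi
```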
