Hi all,

I am new on the list and I have the following scenario.

------------------        -----------------------        --------------------
| router         |        | linux server (ubuntu)|        |                  |
| LAN: 192.168.3.x |------| eth0:192.168.3.12    |--------| (WINDOWS PCs, etc) |
| WAN: internet  |        | eth1:192.168.2.1     |        | LAN              |
------------------        -----------------------        | 192.168.2.x      |
                                                          --------------------

I want the computers in the LAN to navigate through the internet.

When the policies for INPUT, OUTPUT and FORWARD are ACCEPT, everything works well (PCs in the LAN can navigate), BUT when I change the policy to DROP for the INPUT chain I don't know how to allow HTTP traffic for the LAN.

My actual iptables configuration is:

iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2223
ACCEPT     all  --  192.168.2.1          anywhere
ACCEPT     all  --  192.168.2.0          anywhere

Thanks for the help.

--
Esteban L. Cacavelos de Amoriza
Cel: 0981 220 429