(sorry for top posting; Gmail mobile can only top-post)

Can you post the output of iptables-save? iptables -L always gives me a headache.

Rgds,

On 2011-03-18, Esteban Cacavelos <estebancacavelos@xxxxxxxxx> wrote:
> Hi all, I am new on the list and I have the following scenario.
>
> --------------------        -------------------------        ----------------------
> | router           |        | linux server (ubuntu) |        |                    |
> | LAN: 192.168.3.x | ------ | eth0:192.168.3.12     | ------ | (WINDOWS PCs, etc) |
> | WAN: internet    |        | eth1:192.168.2.1      |        | LAN                |
> --------------------        -------------------------        | 192.168.2.x        |
>                                                              ----------------------
>
> I want the computers in the LAN to navigate through the internet.
>
> When the policies for INPUT, OUTPUT and FORWARD are ACCEPT, everything
> works well (PCs in the LAN can navigate), BUT, when I change the
> policy to DROP for the INPUT chain I don't know how to allow http
> traffic for the LAN.
>
> My actual iptables configuration is:
>
> iptables -L
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere            ctstate RELATED,ESTABLISHED
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
> LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2223
> ACCEPT     all  --  192.168.2.1          anywhere
> ACCEPT     all  --  192.168.2.0          anywhere
>
> Thanks for the help.
>
> --
> Esteban L. Cacavelos de Amoriza
> Cel: 0981 220 429
> --

--
Pandu E Poluan - IT Optimizer
My website: http://pandu.poluan.info/