Re: Proxy Iptable script--no one in RedHat who can help me

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Nilesh <niluforalways@xxxxxxxxx> wrote:
Hello All,
 
I have Installed RedHat 8.0 runing as a proxy server as well as web server but the problem is from my client linux machine i m not able to ping outside world for that i have to restart the network service of client machine for 4-5 times after this trcik im able to ping the outside world.
 
can anybody please tell me how to resolve this problem
 
this is my firewall script
 

#!/bin/bash

# /usr/local/sbin/setiptables.bash

# Some Definations

ANYWHERE="any/0" # Match any address

EX_ETH=eth0 # External Interface

IN_ETH=eth1 # Local Interface

LOCAL_IP=192.168.0.1 # Local Host IP

EXTERNAL_IP=202.54.230.14 # INETRNATE IP

LOCAL_NET=192.168.0.0/24 # Local Network

PROXY_IP=192.168.0.225 # Proxy Server IP (Transparent Proxy)

PROXY_PORT=8080 # Proxy Server Port No

LOOPBACK_INTERFACE=lo # The Loopback Interface

LOOPBACK_NETWORK=127.0.0.0/8 # Reserved Loopback Address Range

PRIVPORTS=0:1023 # Well Known Privileged port range

UNPRIVPORTS=1024:65535 # Unprivileged port range

WEBPORT=80 # WebServer Port

# Clear all iptables

/etc/init.d/iptables stop

# Flush the rule Chains

iptables -F

iptables -t nat -F

# Delete custom chains

iptables -X

# Zero counts

iptables -Z

# Set the Default Policys

iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

# Masquerade

iptables -t nat -A POSTROUTING -o $EX_ETH -j MASQUERADE

iptables -A OUTPUT -s $LOCAL_NET -o $EX_ETH -j ACCEPT

# Any other packets must be dropped.

iptables -A INPUT -i $EX_ETH -m state --state NEW,INVALID -j DROP

# FORWARD Chain

iptables -A FORWARD -i $EX_ETH -m state --state NEW,INVALID -j DROP

# Turn on IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

# Allow unlimited traffic on the loopback interface

iptables -A INPUT -i $LOOPBACK_INTERFACE -j ACCEPT

iptables -A OUTPUT -o $LOOPBACK_INTERFACE -j ACCEPT

# Loopback packets should not be handeld from ext NIC

iptables -A INPUT -i $EX_ETH -s 127.0.0.0/8 -j DROP

iptables -A OUTPUT -o $EX_ETH -s 127.0.0.0/8 -j DROP

# Refuse Bogus Broadcasts

iptables -A INPUT -i $EX_ETH -s 255.255.255.255 -j DROP

iptables -A INPUT -i $EX_ETH -d 0.0.0.0 -j DROP

# ICMP

iptables -A INPUT -i $EX_ETH -p icmp -s $ANYWHERE -d $EXTERNAL_IP -j ACCEPT

iptables -A OUTPUT -o $EX_ETH -p icmp -s $EXTERNAL_IP -d $ANYWHERE -j ACCEPT

iptables -A INPUT -i $IN_ETH -p icmp -s $LOCAL_NET -d $LOCAL_IP -j ACCEPT

iptables -A OUTPUT -o $IN_ETH -p icmp -s $LOCAL_IP -d $LOCAL_NET -j ACCEPT

iptables -A INPUT -i $EX_ETH -p icmp -s $LOCAL_NET -d $ANYWHERE -j ACCEPT

iptables -A OUTPUT -o $EX_ETH -p icmp -s $ANYWHERE -d $LOCAL_NET -j ACCEPT

iptables -A FORWARD -p icmp -j ACCEPT

Do you Yahoo!?
Yahoo! Photos - Get your photo on the big screen in Times Square

Do you Yahoo!?
Yahoo! Photos - Get your photo on the big screen in Times Square

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]

  Powered by Linux