Re: Firewall settings

Go to the ipmasquerade resource site.
Copy down their two example firewalls.
Both are proper implementations of what you have below.
http://ipmasq.cjb.net/

{^_^}
----- Original Message ----- 
From: "Michael Schwendt" <ms0301rh@arcor.de>

> On Sun, 26 Jan 2003 01:47:11 -0500, Buck wrote:
> 
> > I just followed the instructions in 'Red Hat Linux 8 For Dummies' to
> > set up a firewall.
> >
> > For some reason it doesn't work.
> > 
> > The book uses an example for a modem, but I need to make it work for
> > an Ethernet.  There is only one NIC in the computer and the LAN going
> > to the internet is connected to it.
> > 
> > I tried it verbatim to the book and failed.
> 
> Are you sure?  If exactly that example is printed in the book, the
> book is crap.
> 
> > One line has an error so I
> > changed it.  The changed line is marked with an asterisk.
> > 
> > iptables --flush
> > iptables --flush -t nat
> > iptables -A INPUT -j DROP
> > iptables -A OUTPUT -j DROP
> 
> Basically, what each of the two commands above does at that position
> in the script is put a rule at the _beginning_ of a chain which
> drops all packets. It becomes clear when you use the long options:
> 
>    iptables --flush
>    iptables --flush --table nat
>    iptables --append INPUT --jump DROP
>    iptables --append OUTPUT --jump DROP
> 
> Both the INPUT and OUTPUT chains are empty (flushed), so "--append"
> stores the next rule as the first rule in the chain. That rule tells
> the packet filter to drop everything. Any subsequent rules are not
> evaluated at all.
> 
> > iptables -A OUTPUT -j ACCEPT -o lo
> > iptables -A INPUT j ACCEPT -i lo
> > * iptables -A INPUT -j ACCEPT -i lo
> > iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
> > iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > 
> > When I turn off the firewall, I can access the internet, but with it
> > on, I cannot access the internet.
> 
> Replace the two wrong rules with:
> 
>   iptables --policy INPUT DROP
>   iptables --policy OUTPUT DROP
> 
> That is what would make sense.



-- 
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
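The first-match behaviour discussed in the thread, as an added illustration that is not part of the original mail exchange: a deliberately minimal Python model of how an iptables chain is evaluated (rules in order, first match wins, the chain policy only when nothing matched). It is not iptables and the Packet/Rule/Chain classes are simplifications I assume for the demonstration; it only exists to show why the appended "-j DROP" on a flushed INPUT chain shadows the later "-i lo" and state rules, while "--policy INPUT DROP" does not.

```python
# Constructed model of iptables chain evaluation (assumption: first matching
# rule decides; policy applies only if no rule matched). Not real netfilter.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Packet:
    iface: str   # interface the packet arrives on (-i) or leaves by (-o)
    state: str   # conntrack state: NEW, ESTABLISHED or RELATED

@dataclass
class Rule:
    target: str                   # ACCEPT or DROP
    iface: Optional[str] = None   # -i/-o match; None means any interface
    states: Optional[set] = None  # --state match; None means any state

    def matches(self, pkt: Packet) -> bool:
        if self.iface is not None and pkt.iface != self.iface:
            return False
        return self.states is None or pkt.state in self.states

@dataclass
class Chain:
    policy: str = "ACCEPT"        # iptables' built-in default policy
    rules: list = field(default_factory=list)   # empty list = flushed chain

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:   # rules are evaluated in order ...
            if rule.matches(pkt):
                return rule.target   # ... and the first match decides
        return self.policy        # no rule matched: the chain policy applies

def book_input_chain() -> Chain:
    """INPUT chain as the book's script builds it: a catch-all DROP appended
    to a flushed chain, so it sits first and shadows everything after it."""
    chain = Chain()                                 # iptables --flush
    chain.rules.append(Rule("DROP"))                # -A INPUT -j DROP
    chain.rules.append(Rule("ACCEPT", iface="lo"))  # -A INPUT -j ACCEPT -i lo
    chain.rules.append(Rule("ACCEPT", states={"RELATED", "ESTABLISHED"}))
    return chain

def fixed_input_chain() -> Chain:
    """INPUT chain with the suggested fix: DROP as the chain policy, so it is
    consulted only after no ACCEPT rule matched."""
    chain = Chain(policy="DROP")                    # --policy INPUT DROP
    chain.rules.append(Rule("ACCEPT", iface="lo"))
    chain.rules.append(Rule("ACCEPT", states={"RELATED", "ESTABLISHED"}))
    return chain
```

With the book's ordering even a loopback packet is dropped; with the policy-based version loopback and established traffic pass and only unsolicited new inbound connections hit the DROP policy.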
