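#!/bin/bash
#--------------------------------------------------------------------------#
# NAT and Firewall                                                         #
#--------------------------------------------------------------------------#
# Tanis 20011130                                                           #
#--------------------------------------------------------------------------#
# Simple iptables NAT + firewall script for a small LAN gateway, posted to
# the list as an example. Adapt the CONFIG section before use.
#
# Usage: $0 {start|stop|restart|status}
#
# Requires: a 2.4-era kernel with the iptables modules listed below and the
# Red Hat /etc/init.d/functions helpers (echo_success).
#
# Policy implemented:
#  - INPUT: accept loopback, the LAN interface, replies to connections the
#    gateway itself opened, the EXAMPLE rules, and ICMP; everything else is
#    logged and dropped by the "firewall" chain.
#  - FORWARD: only the LAN may open connections through the gateway;
#    return traffic is accepted via connection tracking.
#  - nat/POSTROUTING: masquerade the LAN behind the WAN interface.

IPT="/sbin/iptables"
MDP="/sbin/modprobe"
RMD="/sbin/rmmod"

#------------------------------ CONFIG ------------------------------------#
# Placeholders: replace every *_HERE value before running.
LAN="YOU_LAN_HERE"              # LAN network in CIDR form
LAN_IF="eth1"                   # the device where your lan is
WAN_IF="eth0"                   # the device facing the internet
TANIS="YOUR_ADMIN_HOST_HERE"    # host allowed to reach ssh/http on the gateway
#--------------------------------------------------------------------------#

# Fail loudly on unset variables (catches a missing CONFIG entry early).
set -u

. /etc/init.d/functions

#######################################
# Load the netfilter modules the rules below depend on.
# Globals:  MDP (read)
# Outputs:  status line to stdout
#######################################
load_modules() {
  echo -n "Cargando módulos de iptables:"
  echo_success
  echo
  "$MDP" ip_tables
  "$MDP" ip_conntrack
  "$MDP" ip_conntrack_ftp
  "$MDP" ip_nat_ftp
  "$MDP" iptable_nat
  "$MDP" iptable_filter
  "$MDP" ipt_MASQUERADE
  "$MDP" ipt_LOG
  "$MDP" ipt_state
}

#######################################
# Unload the netfilter modules, most-dependent first: rmmod refuses to
# remove a module that another loaded module still uses, so ip_nat_ftp and
# ip_conntrack_ftp must go before iptable_nat / ip_conntrack.
# Globals:  RMD (read)
# Outputs:  status line to stdout
#######################################
unload_modules() {
  echo -n "Descargando módulos de iptables:"
  echo_success
  echo
  "$RMD" ipt_state
  "$RMD" ipt_LOG
  "$RMD" ipt_MASQUERADE
  "$RMD" ip_nat_ftp
  "$RMD" iptable_nat
  "$RMD" ip_conntrack_ftp
  "$RMD" ip_conntrack
  "$RMD" iptable_filter
  "$RMD" ip_tables
}

#######################################
# Flush all rules in filter and nat, delete the firewall chain and reset
# FORWARD to the kernel default policy.
# Globals:  IPT (read)
# Outputs:  status line to stdout
#######################################
flush_rules() {
  echo -n "Flush de reglas y chains:"
  echo_success
  echo
  "$IPT" -F
  "$IPT" -F -t nat
  "$IPT" -P FORWARD ACCEPT
  # The chain does not exist yet on the first start; that error is expected.
  "$IPT" -X firewall 2>/dev/null
}

#######################################
# Load modules, install NAT + filter rules, then enable IP forwarding.
# Forwarding is enabled last so no packet is routed before the rules exist.
# Globals:  IPT, LAN, LAN_IF, WAN_IF, TANIS (read)
#######################################
fw_start() {
  load_modules
  flush_rules

  # Enable masquerading of the LAN behind the WAN interface.
  echo -n "Activando masquerading:"
  echo_success
  echo
  "$IPT" -A POSTROUTING -t nat -s "$LAN" -o "$WAN_IF" -j MASQUERADE
  # Stateful forwarding: the LAN may initiate, the outside may only reply.
  "$IPT" -P FORWARD DROP
  "$IPT" -A FORWARD -i "$LAN_IF" -s "$LAN" -j ACCEPT
  "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Enable forwarding.
  echo 1 > /proc/sys/net/ipv4/ip_forward

  # Create the firewall chain (logs the packet, then drops it).
  # NOTE: unrated LOG rules can fill the log under a flood; consider
  # adding "-m limit" in front of the LOG rule.
  echo -n "Activando reglas de firewall:"
  echo_success
  echo
  "$IPT" -N firewall
  "$IPT" -A firewall -j LOG --log-level 6 --log-prefix "Firewall: "
  "$IPT" -A firewall -j DROP

  # Accept localhost.
  "$IPT" -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
  # Accept ourselves (lo).
  "$IPT" -A INPUT -i lo -j ACCEPT
  # Accept the whole intranet.
  "$IPT" -A INPUT -i "$LAN_IF" -j ACCEPT
  # Accept replies to connections the gateway itself opened (DNS, etc.);
  # without this the UDP rule below drops every DNS answer to this host.
  "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # EXAMPLE CONFIGURATION, PUT YOUR OWN RULES HERE
  "$IPT" -A INPUT -p tcp -s "$TANIS" --destination-port 22 -j ACCEPT
  "$IPT" -A INPUT -p tcp -s "$TANIS" --destination-port 80 -j ACCEPT

  #---------------------------------------------------------------#
  # UDP packets that got this far are unwanted: log and drop.     #
  #---------------------------------------------------------------#
  "$IPT" -A INPUT -p udp -j firewall
  #---------------------------------------------------------------#
  # Everything reaching this point should be ICMP only, so cut     #
  # everything else.                                               #
  #---------------------------------------------------------------#
  "$IPT" -A INPUT -p '!' icmp -j firewall
}

#######################################
# Tear the firewall down: disable forwarding first so the box does not
# route unmasqueraded LAN traffic while rules are gone, then flush and
# unload modules.
#######################################
fw_stop() {
  echo 0 > /proc/sys/net/ipv4/ip_forward
  flush_rules
  unload_modules
}

#######################################
# Print the filter and nat tables.
#######################################
fw_status() {
  echo "********************************************************"
  echo "* Tabla de filtrado *"
  echo "********************************************************"
  "$IPT" -nL
  echo "********************************************************"
  echo "* Tabla de NAT *"
  echo "********************************************************"
  "$IPT" -nL -t nat
}

case "${1:-}" in
  start)
    fw_start
    ;;
  stop)
    fw_stop
    ;;
  restart)
    "$0" start
    ;;
  status)
    fw_status
    ;;
  *)
    printf 'Usage: %s {start|stop|restart|status}\n' "${0##*/}" >&2
    exit 1
    ;;
esac
exit 0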
> > I tried using netcfg utility, it did not work > > Please anyone help me how to configure the same with an example. > > > > Regards > > Prem Kumar.N > > > > > > ------------------------------------------------------------------------ > > To unsubscribe email security-discuss-request@linuxsecurity.com > > with "unsubscribe" in the subject of the message. > > ------------------------------------------------------------------------ > > To unsubscribe email security-discuss-request@linuxsecurity.com > > with "unsubscribe" in the subject of the message. > > > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. > -- ---------------------------------------------------------------------------- Andreu Sánchez Costa - Internet Web Serveis - Dep. Gestión de Sistemas Tlf. +34 973 234 106 - http://www.iws.es pub 1024D/0FE5FDFD 2001-12-04 Andreu Sánchez Costa <tanis@lleida.com> Key fingerprint = 72AD AB63 5037 25BD 083B 9454 548D 55A7 0FE5 FDFD Key available at http://www.taniz.org/ ---------------------------------------------------------------------------- -- Attached file included as plaintext by Listar -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8Djz5VI1Vpw/l/f0RAjTdAJ9YV6JoVLWLfzgU0vfMPv/ZJOwS6wCg7LJD gFJV5xSUfSe6//ahd4J5SOU= =RrcU -----END PGP SIGNATURE----- ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.