OK, I'm pretty new to iptables, but this is where I'm at: Red Hat 8, kernel 2.4.20 w/ pom-20030107 mods added, dhcpd server. The dhcpd seems fine. I can get to the main box fine from a 192.168.. PC, but I cannot get past the main box: ping, telnet, ftp, nothing. The main box can do all those... I have gotten kinda crazy with opening things up to try and get this to work; seems like I must be close:

/sbin/iptables -vL | more

Chain INPUT (policy ACCEPT 3 packets, 156 bytes)
 pkts bytes target prot opt in   out source   destination
    0     0 ACCEPT all  --  lo   any anywhere anywhere
    0     0 ACCEPT tcp  --  eth1 any anywhere anywhere   tcp dpt:ssh
    0     0 ACCEPT tcp  --  eth1 any anywhere anywhere   state RELATED,ESTABLISHED
    0     0 ACCEPT all  --  eth1 any anywhere anywhere   state NEW
    0     0 ACCEPT tcp  --  any  any anywhere anywhere   tcp dpt:telnet
    0     0 ACCEPT tcp  --  any  any anywhere anywhere   tcp dpt:1065
    0     0 ACCEPT tcp  --  any  any anywhere anywhere   tcp dpt:1063
    0     0 ACCEPT udp  --  eth1 any anywhere anywhere
    0     0 ACCEPT udp  --  eth0 any anywhere anywhere
    0     0 ACCEPT all  --  eth1 any anywhere anywhere
    0     0 ACCEPT all  --  eth1 any anywhere anywhere
   60  4464 ACCEPT all  --  eth0 any anywhere anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in   out source   destination
    0     0        all  --  any  any anywhere anywhere
    0     0 ACCEPT all  --  eth1 any anywhere anywhere
    0     0 ACCEPT all  --  eth0 any anywhere anywhere

Chain OUTPUT (policy ACCEPT 3 packets, 348 bytes)
 pkts bytes target prot opt in   out  source   destination
    0     0 ACCEPT all  --  any  lo   anywhere anywhere
   32  6672 ACCEPT all  --  any  any  anywhere anywhere   state RELATED,ESTABLISHED
    0     0 ACCEPT all  --  any  any  modem    anywhere
    0     0 ACCEPT all  --  any  any  anywhere
    0     0 ACCEPT all  --  any  eth0 anywhere anywhere
    0     0 ACCEPT all  --  any  eth1 anywhere anywhere

This is the file I run to get this:

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
# no match and no target: this rule only counts packets (the blank-target
# line in the FORWARD listing above)
/sbin/iptables -t filter -A FORWARD
echo \* Setting loopback rules
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
echo \* setting NAT rules
# the posted line read "-d -0/0 -j MASQU" (cut off by the pager); iptables
# rejects "-0/0" as an address, so with that typo this rule never loads
/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/25 -d 0/0 -j MASQUERADE
echo \* setting external rules
/sbin/iptables -t filter -A INPUT -i eth1 -m tcp -p tcp --dport 22 -j ACCEPT
#allow ftp etc
# (the pager cut this line after "ESTABLISHED,"; the -vL listing shows it
# as "state RELATED,ESTABLISHED" -> ACCEPT)
/sbin/iptables -t filter -A INPUT -i eth1 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
#Drop all new connects?
/sbin/iptables -t filter -A INPUT -i eth1 -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 1065 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 1063 -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
#/sbin/iptables -A OUTPUT -p ALL -s 192.168.1.7 -j ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -A INPUT -p UDP -i eth1 -j ACCEPT
/sbin/iptables -A FORWARD -p ALL -i eth1 -j ACCEPT
/sbin/iptables -A INPUT -p UDP -i eth0 -j ACCEPT
/sbin/iptables -A FORWARD -p ALL -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth1 -j ACCEPT

I'm not afraid to read; if someone can steer me in the right direction I would very much appreciate it, pretty lost right now...

------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
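A minimal two-interface NAT gateway ruleset that does what the post above is trying to do, as an added example (not the poster's script): it assumes, as in the post, that eth0 faces the 192.168.1.0/25 LAN and eth1 is the uplink; the IPT, LAN_IF, WAN_IF and LAN_NET variables and the "apply" argument are the example's own.

```shell
#!/bin/sh
# Minimal NAT gateway ruleset (added example). Interface roles follow the
# post: eth0 = LAN side, eth1 = uplink. Set IPT=echo to print the rules
# instead of loading them.
IPT="${IPT:-/sbin/iptables}"
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/25}"

enable_forwarding() {
    # Without this the kernel never consults the FORWARD chain at all.
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

load_rules() {
    # Start from a known state in both the filter and the nat table.
    $IPT -F
    $IPT -X
    $IPT -Z
    $IPT -t nat -F

    # Default-deny for traffic to and through the box; the box's own
    # outbound traffic is allowed.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN hosts may talk to the gateway itself (dhcp, ssh, ...).
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # From the uplink only ssh is reachable; the rest hits the DROP policy.
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 22 -j ACCEPT

    # LAN -> uplink may open connections; the replies come back through
    # the second rule as ESTABLISHED,RELATED.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Rewrite the private source address on the way out. Without this
    # rule forwarded packets leave as 192.168.x.x and the replies never
    # come back, which is exactly the symptom in the post.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

if [ "${1:-}" = "apply" ]; then
    enable_forwarding
    load_rules
fi
```

Run it on the gateway as `sh gateway.sh apply`; since `iptables -vL` lists only the filter table, check the nat side with `iptables -t nat -vnL POSTROUTING` and expect the MASQUERADE rule to be present with non-zero counters after a ping from a LAN host.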