[CLUE-Tech] Firewall
Chris
r0x0rman at yahoo.com
Fri Feb 22 17:24:48 MST 2002
Hey guys I was wondering if you could help me out. I'm trying to set up a
firewall for the first time. Just something simple. Here is what I have so
far.
=========================================================================================
/sbin/modprobe iptable_nat
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -j block
iptables -A FORWARD -j block
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
=========================================================================================
The interface that the world sees is eth0.
The interface that my LAN sees is eth1.
Does everything look ok so far?
With this setup, I am unable to ssh to my machine from work. How can I
allow certain IPs to connect, and how can I let certain services pass
through? I want to let two IPs connect.
Also, say I want to make a change to an entry for NAT. How do I reload it
without having to reboot?
Any ideas? Thanks.
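
The following is an added example, not part of the original post: one way to express the posted rules as an iptables-restore ruleset with SSH allowed from two source addresses, and to reload it without a reboot. The function names and both addresses (documentation ranges) are assumptions, the negation is written as `! -i`, the form current iptables releases prefer over the post's `-i ! eth0`, and the three rate-limit rules from the post are left out.

```shell
#!/bin/sh
# Added example, not from the original post. 192.0.2.10 and 198.51.100.7 are
# constructed documentation addresses standing in for the two allowed hosts.

is_ipv4() {
    # Shape check only (dotted quad), so stray text cannot land in a rule line.
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# build_ruleset WAN_IF IP... : print a ruleset in iptables-restore format.
build_ruleset() {
    wan_if=$1; shift
    case $wan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1;; esac
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:block - [0:0]
-A block -m state --state ESTABLISHED,RELATED -j ACCEPT
-A block -m state --state NEW ! -i $wan_if -j ACCEPT
-A block -j DROP
EOF
    # Rules are matched top to bottom, so the SSH accepts must come before the
    # jump to "block", whose last rule drops everything else.
    for ip in "$@"; do
        printf '%s\n' "-A INPUT -p tcp -s $ip --dport 22 -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' '-A INPUT -j block' '-A FORWARD -j block' 'COMMIT'
}

# Reload without rebooting (as root): build_ruleset ... | iptables-restore
# replaces the nat and filter tables in one step. Here we only print the rules.
build_ruleset eth0 192.0.2.10 198.51.100.7
```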