[lug] firewall
Jason Davis
jd_480 at hotmail.com
Thu Nov 15 12:06:57 MST 2001
hi,
i wrote a very simple firewall scrip..works good..however...my comps on
private
side see internet just fine...but my firwall box that has the public ip
can't
below is a copy of my scrip...can any one help ?
thanks
jd
!# /bin/bash
#
#
####constants
#
inside='192.168.0.1'
outside='209.194.203.111'
#
####scrp
#enable ip forward
echo 1 > /proc/sys/net/ipv4/ip_forward
#reject spoofed packets
#for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
# echo 1 > $f
#done
#flush filter and nat tables
iptables -F
iptables -F -t nat
#set default polices
iptables -P FORWARD DROP
iptables -t nat -P POSTROUTING DROP
#allow ougoing fron private net & incoming for requested
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -m state --state RELATED,ESTABLISHED
-j ACCEPT
#deny incoming trying to use private adds(redundant cause poilcy?)
#iptables -A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
#iptables -A FORWARD -i eth0 -s 172.16.0.0/12 -j DROP
#iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j DROP
#rule allow masquerading
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
<br><br><br> Jason Davis
jd_480 at hotmail.com
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the LUG
mailing list