Guest skandia Posted July 26, 2005

Hi,

I am attempting to share my main PC's dial-up internet connection over a LAN with an old laptop - a Dell CPiA 366 with 64 meg of memory. My main PC runs Mandriva LE2005 and the laptop Vector Linux (as Mandriva required better hardware).

I have got an ethernet LAN working between the two machines - I can ping in either direction. Main PC address 192.168.100.2, laptop 192.169.100.30.

I have tried the Mandriva ICS in the MCC and adjusted the firewall countless times; recently I tried the pinned info at the top of the networking forum about ICS by IWPCs. Still no joy - any help gratefully appreciated!

The output of ifconfig is:

eth0      Link encap:Ethernet  HWaddr 00:06:4F:06:D3:A8
          inet addr:192.168.100.2  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::206:4fff:fe06:d3a8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53 errors:0 dropped:0 overruns:0 frame:0
          TX packets:69 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4362 (4.2 Kb)  TX bytes:8518 (8.3 Kb)
          Interrupt:10 Base address:0xd400

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:212.24.77.56  P-t-P:212.24.65.147  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:66 errors:2 dropped:0 overruns:0 frame:0
          TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:21580 (21.0 Kb)  TX bytes:5282 (5.1 Kb)

sit0      Link encap:IPv6-in-IPv4
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          inet6 addr: ::192.168.100.2/96 Scope:Compat
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

The output of route -n is:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
212.24.65.147   0.0.0.0         255.255.255.255 UH    50     0        0 ppp0
192.168.100.0   0.0.0.0         255.255.255.0   U     10     0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         212.24.65.147   0.0.0.0         UG    50     0        0 ppp0

The output of iptables -nvL is:

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   24  3780 ACCEPT     all  --  eth0   *       192.168.100.2        192.168.100.255
    0     0 logaborted tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED tcp flags:0x04/0x04
   60 21370 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 12
    6   396 nicfilt    all  --  *      *       0.0.0.0/0            0.0.0.0/0
    6   396 srcfilt    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 12
   26  1928 srcfilt    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
   54  4719 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 12
   35  4508 s1         all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f0to1 (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 0
    3   144 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f0to2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f1to0 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:8880 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:443 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:888 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:21 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:110 state NEW
    3   156 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:80 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:8080 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:8008 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:8000 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:8888 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW
    5   320 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    3   252 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:25 state NEW
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f1to2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:111 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:1024:65535 state NEW
   24  3780 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2049 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:2049
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:3128 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:443 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:177
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:21 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:23 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:80 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:8080 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:8008 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:8000 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:8888 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:22 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:0:1023 dpt:22 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpts:6000:6063 state NEW
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpts:5900:5903 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:5999 dpt:5800 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spts:1024:65535 dpt:3130
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spts:1024:65535 dpt:3130
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2to0 (1 references)
 pkts bytes target     prot opt in     out     source               destination
   26  1928 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2to1 (4 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 0
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spts:1024:65535 dpt:3130
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:443 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:177
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:21 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spts:1024:65535 dpt:161
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:23 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:80 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:8080 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:8008 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:8000 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:8888 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:22 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:0:1023 dpt:22 state NEW
    3   252 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmp type 8
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpts:6000:6063 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpts:5900:5903 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spts:1024:65535 dpt:5800 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spts:1024:65535 dpt:3130
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logaborted (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 logaborted2 all --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 10
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '

Chain logaborted2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 7 level 4 prefix `ABORTED '
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain logdrop (8 references)
 pkts bytes target     prot opt in     out     source               destination
   29  2072 logdrop2   all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 10
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
   29  2072 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 7 level 4 prefix `DROPPED '
   29  2072 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logreject (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 logreject2 all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 10
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 2/min burst 1 LOG flags 0 level 4 prefix `LIMITED '
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logreject2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 7 level 4 prefix `REJECTED '
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain nicfilt (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   252 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 RETURN     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    3   144 RETURN     all  --  ppp0   *       0.0.0.0/0            0.0.0.0/0
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain s0 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 f0to1      all  --  *      *       0.0.0.0/0            192.168.100.2
    0     0 f0to1      all  --  *      *       0.0.0.0/0            192.168.100.255
    0     0 f0to1      all  --  *      *       0.0.0.0/0            127.0.0.1
    3   144 f0to1      all  --  *      *       0.0.0.0/0            212.24.77.56
    0     0 f0to2      all  --  *      *       0.0.0.0/0            192.168.100.0/24
    0     0 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain s1 (1 references)
 pkts bytes target     prot opt in     out     source               destination
   24  3780 f1to2      all  --  *      *       0.0.0.0/0            192.168.100.0/24
   11   728 f1to0      all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain s2 (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   252 f2to1      all  --  *      *       0.0.0.0/0            192.168.100.2
    0     0 f2to1      all  --  *      *       0.0.0.0/0            192.168.100.255
    0     0 f2to1      all  --  *      *       0.0.0.0/0            127.0.0.1
    0     0 f2to1      all  --  *      *       0.0.0.0/0            212.24.77.56
   26  1928 f2to0      all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain srcfilt (2 references)
 pkts bytes target     prot opt in     out     source               destination
   29  2180 s2         all  --  *      *       192.168.100.0/24     0.0.0.0/0
    3   144 s0         all  --  *      *       0.0.0.0/0            0.0.0.0/0

And the output of iptables -nvL -t nat is:

Chain PREROUTING (policy ACCEPT 46 packets, 3274 bytes)
 pkts bytes target     prot opt in     out     source               destination
   43  3130 loc_dnat   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 26 packets, 3083 bytes)
 pkts bytes target     prot opt in     out     source               destination
   11   728 ppp_masq   all  --  *      ppp+    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 26 packets, 3083 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain loc_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128

Chain ppp_masq (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE all  --  *      *       192.168.100.0/24     0.0.0.0/0
streeter Posted July 26, 2005

Ouch - long firewall list...

When you try to access the Internet from the laptop, the packets follow this route through your rules and get dropped:

Chain FORWARD (policy DROP 0 packets, 0 bytes)
   26  1928 srcfilt    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain srcfilt (2 references)
   29  2180 s2         all  --  *      *       192.168.100.0/24     0.0.0.0/0

Chain s2 (1 references)
   26  1928 f2to0      all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain f2to0 (1 references)
   26  1928 logdrop    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop (8 references)
   29  2072 logdrop2   all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 10

Chain logdrop2 (1 references)
   29  2072 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 7 level 4 prefix `DROPPED '
   29  2072 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

So, try typing this as root:

iptables -I FORWARD 1 -s 192.168.100.0/24 -j ACCEPT

and let us know what happens! (It inserts a rule to allow anything from your LAN at the top of the FORWARD table.)

Your firewall ruleset really does not need to be that long - there are a lot of redundant entries in there...

Chris
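The chain walk Chris does by hand above, done by a small tracer over the `iptables -nvL` text. This is an added example, not code from the thread: SAMPLE_DUMP is a constructed subset of the posted dump (the chains on the laptop's path), LAPTOP_TO_WEB is a constructed packet (203.0.113.10 is a documentation address), and the tracer follows jumps into user chains, treats LOG as non-terminating and lets a `state RELATED,ESTABLISHED` rule match only reply traffic, which is why replies were already getting through while new connections hit logdrop2.

```python
import ipaddress, re
# Constructed sample: the part of the poster's `iptables -nvL` dump that the reply follows by hand.
SAMPLE_DUMP = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    0     0 ACCEPT   all  --  *   *   0.0.0.0/0         0.0.0.0/0    state RELATED,ESTABLISHED
   26  1928 srcfilt  all  --  *   *   0.0.0.0/0         0.0.0.0/0
Chain srcfilt (2 references)
   29  2180 s2       all  --  *   *   192.168.100.0/24  0.0.0.0/0
Chain s2 (1 references)
    3   252 f2to1    all  --  *   *   0.0.0.0/0         192.168.100.2
   26  1928 f2to0    all  --  *   *   0.0.0.0/0         0.0.0.0/0
Chain f2to0 (1 references)
   26  1928 logdrop  all  --  *   *   0.0.0.0/0         0.0.0.0/0
Chain logdrop (8 references)
   29  2072 logdrop2 all  --  *   *   0.0.0.0/0         0.0.0.0/0    limit: avg 1/sec burst 10
Chain logdrop2 (1 references)
   29  2072 LOG      all  --  *   *   0.0.0.0/0         0.0.0.0/0    LOG flags 7 level 4 prefix `DROPPED '
   29  2072 DROP     all  --  *   *   0.0.0.0/0         0.0.0.0/0
"""
KEYS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "src", "dst", "extra")
LAPTOP_TO_WEB = {"in": "eth0", "out": "ppp0", "src": "192.168.100.30", "dst": "203.0.113.10"}  # constructed

def parse_dump(text):
    """Parse `iptables -nvL` text into {chain: (policy or None, [rule dicts])}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)", line)
        if m:
            current, chains[m.group(1)] = m.group(1), (m.group(2), [])
        elif current and line.split() and line.split()[0] != "pkts":  # skip blank and header lines
            chains[current][1].append(dict(zip(KEYS, (line.split(None, 9) + [""])[:10])))  # 10th = match text
    return chains

def matches(rule, pkt):
    """Interface and address match; a RELATED,ESTABLISHED rule never matches a NEW packet."""
    new_ok = not (pkt.get("state", "NEW") == "NEW" and "RELATED,ESTABLISHED" in rule["extra"])
    iface_ok = all(rule[k] in ("*", pkt[k]) or (rule[k].endswith("+") and pkt[k].startswith(rule[k][:-1])) for k in ("in", "out"))
    return new_ok and iface_ok and all(ipaddress.ip_address(pkt[k]) in ipaddress.ip_network(rule[k], strict=False) for k in ("src", "dst"))

def trace(chains, chain, pkt, path=None):
    """Walk pkt through `chain`; return (verdict, ['chain[n] -> target', ...] steps taken)."""
    (policy, rules), path = chains[chain], path or []
    for n, rule in [(n, r) for n, r in enumerate(rules, 1) if matches(r, pkt)]:
        target = rule["target"]
        path.append(f"{chain}[{n}] -> {target}")
        if target == "LOG":       # non-terminating: keep evaluating this chain
            continue
        if target == "RETURN":    # back to the caller; in a built-in chain that means its policy
            return policy, path
        verdict, path = trace(chains, target, pkt, path) if target in chains else (target, path)  # user chain, or ACCEPT/DROP/REJECT
        if verdict is not None:   # None means the user chain fell off its end: carry on here
            return verdict, path
    return policy, path           # fell off the end: the policy, or None inside a user chain
if __name__ == "__main__":
    print(*trace(parse_dump(SAMPLE_DUMP), "FORWARD", LAPTOP_TO_WEB))
```

Inserting Chris's `-I FORWARD 1 -s 192.168.100.0/24 -j ACCEPT` rule at position 1 of the parsed FORWARD chain turns the same packet's verdict into ACCEPT after one step.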
angst Posted July 27, 2005

I'm sure streeter will get you straightened out here, but I would just like to add that I have used the Shorewall two-interface guide many times to set up (ICS, NAT, IP masquerading, whatever you wanna call it) over my dialup connection without too much trouble. When I have had problems it's always been because I didn't carefully follow directions. That's actually a link to a frame from their web pages to make it easier to find. The full URL is Shoreline Firewall, but then you would have to root out the proper page.
Guest skandia Posted July 28, 2005

Hi

Thank you Streeter & Angst for your replies. I have applied Streeter's new iptables rule...

Before applying the rule the browser on the laptop could not resolve the website address. After applying the new rule the website address is resolved (and I can ping Internet addresses such as www.bbc.co.uk). However, the laptop browser gets no further than stating that it is connecting to www.bbc.co.uk.

For info I am using a wireless LAN on the laptop connecting to a Buffalo AirStation. AirStation set to IP address 192.168.100.1. I can ping both ways from the Mandriva machine to the laptop. I can also access the Buffalo AirStation set-up 'web page' from the Mandrake machine and the laptop.
streeter Posted July 29, 2005

Chain loc_dnat (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3128

Haven't got time at the minute to follow the chains through, but this is redirecting all HTTP traffic through Squid, which is presumably not working properly...

Try adding this rule:

iptables -t nat -D PREROUTING -i eth0 -j loc_dnat

Should work - deletes the path to the redirection rule.

Chris
Guest skandia Posted July 29, 2005

Thanks again streeter. This was reported when I tried the rule you suggested:

iptables: Bad rule (does a matching rule exist in that chain?)

which I guess it does, as the rule is the same as the one to be added to etc/rcd/rc.local in your setup guide.
streeter Posted July 30, 2005

Try turning off shorewall - a lot of those rules are unnecessary for a simple network...

Below is a cut-down, basic firewall which can be put in a file in /etc/rc.d/init.d. Call it tables or something and put symlinks in /etc/rc3.d and rc5.d to run it at boot. It is very basic (doesn't do protection from DOS attacks etc, but we are on dial-up here so, being practical, that's not really a problem). It gives pretty good protection and will be easy to troubleshoot. See how you get on...

#!/bin/sh
# Flush the tables
iptables -F
iptables -t nat -F
iptables -X common 2>/dev/null    # ignore the error if the chain does not exist yet
iptables -N common                # create new chain called common

# Default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT   # allow established packets in on ppp0
iptables -A INPUT -i ppp+ -j DROP                                          # drop all other packets coming in on ppp0
iptables -A INPUT -j common
iptables -A FORWARD -j common

iptables -A common -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A common -s 127.0.0.1 -j ACCEPT
iptables -A common -s 192.168.100.0/24 -j ACCEPT
iptables -A common -j LOG --log-prefix "Chain common"
iptables -A common -j DROP        # log, then dump the rest

# Masquerade the LAN behind the dial-up address
iptables -t nat -A POSTROUTING -o ppp+ -s 192.168.100.0/24 -d 0/0 -j MASQUERADE
# Forwarding itself must also be switched on for the laptop's traffic to cross:
# echo 1 > /proc/sys/net/ipv4/ip_forward
Qchem Posted August 1, 2005

Please post back on how this goes, I may have to pin this firewall setup if it's useful.
Guest skandia Posted August 2, 2005

Hi

Finally got some spare time to try out Streeter's help. I was not 100% happy with a limited firewall, so I thought I would try out Guarddog. I removed Shorewall and installed Guarddog, an iptables configuration GUI which I could get my head around! And bingo, all worked OK! :P

Thanks again for all the help