You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2007-04-15 16:38:09
- brainwasher
- Member
- From: Lucca (Italy)
- Registered: 2007-01-04
- Posts: 81
- Website
iptables gateway
hi, i've this lan :
eth0 eth1
Internet >> router ->> gateway ->> switch ->> pc1, pc2, pc3
I want that my gateway works like a firewall, so i've modifyd an iptables script :
# first set the default behaviour => accept connections
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Create 2 chains, it allows to write a clean script
iptables -N FIREWALL
iptables -N TRUSTED
# Allow ESTABLISHED and RELATED incoming connection
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow loopback traffic
iptables -A FIREWALL -i lo -j ACCEPT
# Send all package to the TRUSTED chain
iptables -A FIREWALL -j TRUSTED
# DROP all other packets if any rules are satisfied
iptables -A FIREWALL -j DROP
# Send all INPUT packets to the FIREWALL chain
iptables -A FORWARD -j FIREWALL
# Allow https
iptables -A TRUSTED -p udp -m udp --sport 443 -j ACCEPT
iptables -A TRUSTED -p tcp -m tcp --sport 443 -j ACCEPTBut all connections on the FORWARD chain seems are dropped, killed, terminated 
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPTThis doesn't work, so packet are dropped....
Help me !!
Last edited by brainwasher (2007-04-16 12:38:16)
Offline
#2 2007-04-15 17:10:05
- ralvez
- Member
- From: Canada
- Registered: 2005-12-06
- Posts: 1,694
- Website
Re: iptables gateway
If you want an easy to maintain and efficient firewall, install firestarter (pacman -Sy firestarter) and it will assist you on creating any iptables you need to protect your system.
I used to do it "by hand" but after firestarter never again.
Hope this helps.
Offline
#3 2007-04-15 17:15:10
- brainwasher
- Member
- From: Lucca (Italy)
- Registered: 2007-01-04
- Posts: 81
- Website
Re: iptables gateway
i dont have x or gnome, i wont install them...
Offline
Pages: 1