Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
|
google unix.com
|
|||||||
| Forums | Register | Forum Rules | Links | Albums | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
 |
| UNIX for Dummies Questions & Answers If you're not sure where to post a UNIX or Linux question, post it here. All UNIX and Linux newbies welcome !! |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| IPtables | 182x | IP Networking | 1 | 11-28-2006 02:03 AM |
| iptables, internet and vpn | blesets | IP Networking | 1 | 06-10-2006 12:42 AM |
| best frontend for iptables? | piltrafa | UNIX for Dummies Questions & Answers | 3 | 08-17-2005 01:23 PM |
| Linux IPTABLES help | nogumo | UNIX for Dummies Questions & Answers | 0 | 06-18-2005 07:31 PM |
| iptables, ftp | sTorm | UNIX for Dummies Questions & Answers | 2 | 03-19-2002 03:18 AM |
 |
Powered by 
|
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
|
05-30-2003
|
||||
|
||||
|
IPtables
How's it going everyone? I am having a little issue with iptables on a Red Hat Linux 7.3 with a 2.4x kernel. I have no problem keeping people out, but I do have a problem with allowing people inside to go out. 192.168.34.0/24 is my interior address, while 207.26.18.144/28 is my outside.
Here is what my iptables file looks like: # Generated by iptables-save v1.2.5 on Fri May 30 13:41:58 2003 *filter :INPUT DROP [1:84] :FORWARD DROP [11:855] :OUTPUT ACCEPT [1:84] [0:0] -A INPUT -s 192.168.34.0/24 -j ACCEPT [0:0] -A FORWARD -s 192.168.34.0/24 -d 207.26.18.144/28 -j ACCEPT [0:0] -A OUTPUT -j ACCEPT [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT [0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT COMMIT # Completed on Fri May 30 13:41:58 2003 I want people who are in the 192.168.34.0/24 to be able to get out, while continuously blocking out everyone on the 207.26.18.144/28. I feel that I am not that far off from getting what I want, but I cannot put my finger on it. By the way, if I can get out of it, I don't want to NAT. I just want to stick with the FILTER table if at all possible. Thanks in advance |
|
05-30-2003
|
|||||
|
|||||
|
Not sure if this will help or not but searching this site for IPtables brings up some interesting post from the past (including one you posted and solved by yourself)
iptables: block / allow |
|
05-30-2003
|
||||
|
||||
|
I got mixed results from your hyperlink, RTM. I was able to ping from a workstation on the inside(192.168.34.31) to 207.26.18.147(the outside card of the firewall). However, I cannot ping anything else on the outside subnet(207.26.18.144/240). When I kill the firewall, I have no problems pinging the outside subnet at all. Could this be a routing issue that I need to sort out?
|
|
05-31-2003
|
||||
|
||||
|
I believe that I have figured it out. This iptable file seems to working for me just fine.
# Generated by iptables-save v1.2.5 on Sat May 31 19:01:09 2003 *filter :INPUT ACCEPT [868:384657] :FORWARD ACCEPT [129:8770] :OUTPUT ACCEPT [838:49044] [46:4220] -A INPUT -s 192.168.34.0/255.255.255.0 -j ACCEPT [44:2612] -A INPUT -j DROP [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT [162:34278] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT [27:2166] -A FORWARD -i eth0 -o eth1 -j DROP [18:1080] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT COMMIT # Completed on Sat May 31 19:01:09 2003 I may throw another comment to kill ICMP pings, but other than that, it seems to fit my qualifications. Hopefully, it appears that I may have figured this one on my own. |
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Hybrid Mode
