Visit Our UNIX and Linux User Community


My iptables does not work


 
Thread Tools Search this Thread
Operating Systems Linux Ubuntu My iptables does not work
# 1  
Old 08-11-2013
Ubuntu My iptables does not work

Hello folks !

I am trying to set up my firewall the way it's done in this link:

in google, 'rusty's really quick guide to packet filtering' (cannot put web link in my post).

here is my fw hard settings:

adsl modem*192.168.0.22/29----192.168.0.17/29*eth0=fw=172.16.5.25/29*eth1----172.16.5.26/29*pc.in internal network

here is my iptables file:
Code:
#!/bin/sh

### SET VARIABLES

echo "** setting up variables..."

IPTABLES='sudo /sbin/iptables'
IP6TABLES='sudo /sbin/ip6tables'
MODPROBE='sudo /sbin/modprobe'
INT_NET='172.16.5.24/29'
INT_INTF=eth1
EXT_INTF=eth0


### LOAD MODULES

echo "** Loading modules..."

$MODPROBE iptable_filter 
$MODPROBE iptable_nat 
$MODPROBE nf_nat
$MODPROBE nf_conntrack_ipv4
$MODPROBE nf_conntrack
$MODPROBE ip_tables 
$MODPROBE x_tables

### FLUSH EVERYTHING

echo "** Flushing existing iptables rules..."

$IPTABLES -F INPUT 
$IPTABLES -F OUTPUT 
$IPTABLES -F FORWARD
$IPTABLES -F -t nat
$IPTABLES -X

echo "** Building fw main rule..."

$IPTABLES -N block
$IPTABLES -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A block -m state --state NEW -i !eth0 -j ACCEPT
$IPTABLES -A block -j DROP

$IPTABLES -A INPUT -j block
$IPTABLES -A FORWARD -j block


iptables -t nat -A POSTROUTING -s $INT_NET -o eth1 -j MASQUERADE

When I apply it (sudo ./<file name>), it works without any error.
But then, I cannot access internet anymore from pc in internal network.
Before I apply this bash, it worked with a simple masquerade:
Code:
sudo iptables -t nat -A POSTROUTING -o eth1 -s 172.16.5.24/29 -j MASQUERADE

NB.: to remove the block chain, you need to do the following:
Code:
sudo iptables -F block 
sudo iptables -X block

otherwise, it's unremovable with the following error message: 'iptables: Directory not empty'

Of course,later on, other rules will be put inside iptables (anti-flood, anti-fragments, anti-spoof (although should be useless here), no malformed pkts, and so on...)

any idea folks?

Many thanx to you.

Last edited by Don Cragun; 08-11-2013 at 07:42 PM.. Reason: Change ICODE tags to CODE tags; add other CODE tags
# 2  
Old 08-16-2013
Do you actually have only subnets of 6 hosts each (/29) ?

Previous Thread | Next Thread
Test Your Knowledge in Computers #803
Difficulty: Medium
The CSS counter-increment property increases or decreases the value of one or more CSS counters.
True or False?

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

iptables redirect does not seem to work, for the little I understand

Hello to everybody How can I tell if this command is working? Fedora terminal: $ sudo iptables -t nat -A OUTPUT -p tcp --dport 1935 -j REDIRECTI understand that after this command Firefox should be unable to receive RTMP streaming that use port 1935. But nothing changes Firefox receives the... (0 Replies)
Discussion started by: francus
0 Replies

2. IP Networking

NAT via iptables - Won't work!!

Hi guys I'm running on debian on a small embedded system. I have a ppp interface that is connected to the internet (and works). My unit also has wifi access point (which works and I can connect to it). I want to allow connections to the wifi to be able to use the internet from ppp0... (1 Reply)
Discussion started by: alirezan1
1 Replies

3. IP Networking

Discussion at work, would a router work pluging a cable in wan1 and lan1?

hi all. and sorry for the random question, but this sparkled a raging flame-war at work and i want more points of view situation a router, with linux of some sort, dhcp client requesting for ip in wan1 (as usual with wan ports) dhcp server listening in lan1, and assigning ip (as usual... (9 Replies)
Discussion started by: broli
9 Replies

4. IP Networking

iptables port forwarding does not work while I have 2 routes

Hi, On my linux server I have 2 routes: Code: nexthop via 123.201.254.5 dev eth0 weight 38 nexthop via 111.93.155.149 dev eth2 weight 36 I have a iptable rule like : iptables -t nat -A PREROUTING -p tcp -i eth0 -d... (5 Replies)
Discussion started by: ashokvpp
5 Replies

5. Shell Programming and Scripting

My script work on Linux but not work in sunos.

My script work on Linux but not work in sun os. my script. logFiles="sentLog1.log sentLog2.log" intial_time="0 0" logLocation="/usr/local/tomcat/logs/" sleepTime=600 failMessage=":: $(tput bold)Log not update$(tput rmso) = " successMessage="OK" arr=($logFiles)... (7 Replies)
Discussion started by: ooilinlove
7 Replies

6. IP Networking

NIC will not work, but it did work.

I have a client machine that was built and loaded with SCO UNIX 2.1.3, (yes it is old). The machine worked fine on the closed network that I tested on in my shop. I then had to change it to the network that it would be connected to. Below is the host file, router and subnet mask file that I usually... (0 Replies)
Discussion started by: NC user
0 Replies

7. Linux

Come and work for me! (UK)

********nothing too see here!!!****** (2 Replies)
Discussion started by: TonyChapman
2 Replies

8. UNIX for Advanced & Expert Users

how does this work....

1|foo|bar 2|usa|ll 3|usa|vg 4|usa|vg 5|bar|vg 6|usa|vg 7|usa|ll 8|uk|nn 9|foo|manu|bar 10|uk|bb 11|foo|mm 12|kuwait|jkj 13|kuwait|mm 14|dubai|hh awk '/foo/,/bar/' test_file1----command run at the prompt output should have been the first 3 lines...... 1|foo|bar (1 Reply)
Discussion started by: bishweshwar
1 Replies

9. UNIX for Dummies Questions & Answers

Script doesn't work, but commands inside work

Howdie everyone... I have a shell script RemoveFiles.sh Inside this file, it only has two commands as below: rm -f ../../reportToday/temp/* rm -f ../../report/* My problem is that when i execute this script, nothing happened. Files remained unremoved. I don't see any error message as it... (2 Replies)
Discussion started by: cheongww
2 Replies

10. UNIX for Advanced & Expert Users

how does this work???

can someone tell me the meaning of this commnad, If you want to see a grand total of CPU time for a program when it finishes running, you can use the time command. At the Unix prompt, enter: time java myprog Replace myprog with the name of the program you are running. The following is an... (1 Reply)
Discussion started by: ldpathak
1 Replies

Featured Tech Videos