Firewall Wizards mailing list archives
Ipchains Questions!
From: "Δημήτρης Δεμίρης" <ddemiris () microstore gr>
Date: Fri, 1 Nov 2002 14:32:06 +0200 (EET)
Hello,

Here is the problem: I have a Linux server that acts as a router for a network. It has two Ethernet cards installed and a permanent connection on one card. I want to be able to "cut" the Internet access of a group of workstations, e.g. 192.168.1.21 to 192.168.1.30, but still have LAN access. The firewall is working with ipchains now just fine. I'm sending you my example /etc/rc.d/init.d/firewall script:

#!/bin/sh
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward

extip="192.168.0.1"
extif="eth0"
intif="eth1"
intnet="192.168.1.0/24"

# masquerading timeouts: TCP, TCP FIN, UDP (seconds)
ipchains -M -S 7200 10 60

# flush the chains and set restrictive default policies
ipchains -F input
ipchains -P input REJECT
ipchains -F output
ipchains -P output REJECT
ipchains -F forward
ipchains -P forward DENY

# Setup input policy
# local interface, local machines, going anywhere is valid
ipchains -A input -i $intif -s $intnet -d 0.0.0.0/0 -j ACCEPT
# reject IP spoofing where external computer claims to be a local
ipchains -A input -i $extif -s $intnet -d 0.0.0.0/0 -l -j REJECT
# allow external access via external interface
ipchains -A input -i $extif -s 0.0.0.0/0 -d $extip/32 -j ACCEPT
# loopback interface is valid
ipchains -A input -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

# Setup output policy
# all outgoing traffic is allowed
ipchains -A output -i $intif -s 0.0.0.0/0 -d $intnet -j ACCEPT
# prevent traffic for local network from using external interface
ipchains -A output -i $extif -s 0.0.0.0/0 -d $intnet -l -j REJECT
# prevent traffic from local network from using external interface
ipchains -A output -i $extif -s $intnet -d 0.0.0.0/0 -l -j REJECT
# anything else can go out
ipchains -A output -i $extif -s $extip/32 -d 0.0.0.0/0 -j ACCEPT
# loopback interface is valid
ipchains -A output -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

# Setup forwarding policy
# Masquerade local net traffic to anywhere
ipchains -A forward -i $extif -s $intnet -d 0.0.0.0/0 -j MASQ

Thank you in advance..
-----------------------------------------------------------------
Dimitris P. Demiris -- System Administrator, Microstore SA
K. Kartali 206, 38221 Volos - Greece.
Tel : +30421-78230 / +30421-47802
Fax : +30421-78232 / +30421-49835
GSM Phone : +30932-254990
Email: Dimitris.Demiris () microstore gr
WWW : http://www.microstore.gr
ICQ Number: 127016024
Fingerprint: 5D8F F443 C09A 768A 88A7 4AF1 DEC3 8353 9F1C C4FD
-----------------------------------------------------------------
-Gorgan Network-
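An added example, not part of Dimitris's post: a POSIX sh helper that generates the ipchains rules needed to stop forwarding from the 192.168.1.21 to 192.168.1.30 group to the Internet while leaving LAN traffic alone. ipchains has no address-range match, so one /32 rule per host is produced, inserted at the top of the forward chain so it matches before the MASQ rule; the function names, the use of eth0 as the external interface and the optional RUNNER variable are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Only routed packets pass the
# "forward" chain; traffic between two hosts on 192.168.1.0/24, or from a
# host to the router itself, never hits it, so LAN access is unaffected.
# ipchains evaluates rules in order, so "-I forward 1" places each block
# rule ahead of the existing "-j MASQ" rule. In the forward chain "-i" is
# the outgoing interface, as in the original script.

# gen_block_rules PREFIX FIRST LAST EXTIF
#   Print one ipchains command per host PREFIX.FIRST .. PREFIX.LAST.
gen_block_rules() {
    prefix=$1; first=$2; last=$3; extif=$4
    i=$first
    while [ "$i" -le "$last" ]; do
        # -l logs each blocked packet to the kernel log for auditing
        printf 'ipchains -I forward 1 -i %s -s %s.%s/32 -d 0.0.0.0/0 -l -j DENY\n' \
            "$extif" "$prefix" "$i"
        i=$((i + 1))
    done
}

# count_block_rules: how many rules a given range expands to.
count_block_rules() {
    gen_block_rules "$@" | wc -l | tr -d ' '
}

# apply_block_rules: execute the generated commands (needs root and ipchains).
# Set RUNNER=echo for a dry run that only shows what would be executed.
apply_block_rules() {
    runner=${RUNNER:-sh -c}
    gen_block_rules "$@" | while IFS= read -r cmd; do
        $runner "$cmd"
    done
}

# Usage matching the question (eth0 is the external interface assumed here):
#   gen_block_rules 192.168.1 21 30 eth0          # show the rules
#   apply_block_rules 192.168.1 21 30 eth0        # install them
```

To make the block permanent, paste the generated lines into the firewall script immediately before the MASQ rule so they survive a reboot.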