Hello folks!
I am trying to set up my firewall the way it is done in this guide: search Google for 'Rusty's Really Quick Guide to Packet Filtering' (I cannot put a web link in my post).
Here is my firewall hardware setup:
ADSL modem (192.168.0.22/29) ---- eth0 (192.168.0.17/29) = fw = eth1 (172.16.5.25/29) ---- PC (172.16.5.26/29) in the internal network
Here is my iptables file:
#!/bin/sh
### SET VARIABLES
echo "** setting up variables..."
IPTABLES='sudo /sbin/iptables'
IP6TABLES='sudo /sbin/ip6tables'
MODPROBE='sudo /sbin/modprobe'
INT_NET='172.16.5.24/29'
INT_INTF=eth1
EXT_INTF=eth0
### LOAD MODULES
echo "** Loading modules..."
$MODPROBE iptable_filter
$MODPROBE iptable_nat
$MODPROBE nf_nat
$MODPROBE nf_conntrack_ipv4
$MODPROBE nf_conntrack
$MODPROBE ip_tables
$MODPROBE x_tables
### FLUSH EVERYTHING
echo "** Flushing existing iptables rules..."
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t nat
$IPTABLES -X
echo "** Building fw main rule..."
$IPTABLES -N block
$IPTABLES -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A block -m state --state NEW -i !eth0 -j ACCEPT
$IPTABLES -A block -j DROP
$IPTABLES -A INPUT -j block
$IPTABLES -A FORWARD -j block
$IPTABLES -t nat -A POSTROUTING -s $INT_NET -o eth1 -j MASQUERADE
When I apply it (sudo ./<file name>), it runs without any error.
But then I cannot access the internet any more from the PC in the internal network.
Before I applied this script, it worked with a simple masquerade rule:
sudo iptables -t nat -A POSTROUTING -o eth1 -s 172.16.5.24/29 -j MASQUERADE
NB: to remove the block chain, you need to do the following:
sudo iptables -F block
sudo iptables -X block
Otherwise it cannot be removed, and you get the following error message: 'iptables: Directory not empty'.
Of course, later on, other rules will be added to iptables (anti-flood, anti-fragment, anti-spoof (although that should be useless here), no malformed packets, and so on).
Any ideas, folks?
Many thanks to you.
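As an added example (not part of the original post), here is a corrected rule set for the same topology, written as a POSIX shell rule builder that prints the iptables commands so they can be inspected before being applied. It assumes eth0 is the external interface towards the ADSL modem, eth1 the internal one and 172.16.5.24/29 the internal network, exactly as in the post. Two things differ from the posted script. First, iptables only treats a stand-alone '!' argument as negation, so '-i !eth0' is stored as a match on an interface literally named '!eth0', which never matches; every NEW connection from the LAN therefore falls through to the final DROP. The correct spelling is '! -i eth0' ('-i ! eth0' is the older, deprecated form). Second, MASQUERADE is placed on the outgoing external interface, since LAN traffic to the internet leaves the firewall through eth0, not eth1. The script also flushes every chain with a bare 'iptables -F' before 'iptables -X', which avoids the 'Directory not empty' error mentioned in the NB, and uses '-m conntrack --ctstate', the current spelling of '-m state --state'.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# Assumed topology (from the post): eth0 = external (towards the ADSL modem),
# eth1 = internal, internal network 172.16.5.24/29.
EXT_INTF="${EXT_INTF:-eth0}"
INT_INTF="${INT_INTF:-eth1}"
INT_NET="${INT_NET:-172.16.5.24/29}"

# Print one iptables command per line for the given external interface and
# internal network.  Nothing is executed here, so the output can be reviewed.
fw_rules() {
    ext="$1"
    net="$2"
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -X
iptables -N block
iptables -A block -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m conntrack --ctstate NEW ! -i $ext -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -j block
iptables -A FORWARD -j block
iptables -t nat -A POSTROUTING -s $net -o $ext -j MASQUERADE
EOF
}
# Notes on the rules above:
#  - "! -i $ext": negation is a separate argument; "-i !eth0" would match an
#    interface literally named "!eth0" (i.e. never), dropping all NEW LAN flows.
#  - "iptables -F" with no chain flushes every chain in the filter table,
#    including "block", so the following "iptables -X" can delete it.
#  - MASQUERADE goes on the interface the packets leave through, the external one.

# Enable forwarding and apply the rules; stops at the first failing command.
fw_apply() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    fw_rules "$EXT_INTF" "$INT_NET" | sh -e
}

# Usage: ./fw.sh        -> print the rules (dry run)
#        ./fw.sh apply  -> install them (run as root)
case "${1:-show}" in
    show)  fw_rules "$EXT_INTF" "$INT_NET" ;;
    apply) fw_apply ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 2 ;;
esac
```

Run it without arguments first and compare the printed rules with what 'iptables -S' shows after 'apply'; the rule in the FORWARD path that should accept LAN-originated connections must read '! -i eth0', not '-i !eth0'.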