I need some advice of a wise person and iptables

Post by Paul » Wed, 08 May 2002 08:56:38

 Hi..

 Well, I have set up a slow Linux machine to act as a router for my other
machines connected to it. I have my own private news server running on its
own internal address of 192.168.0.20, and have the main router box (static
IP) forwarding any requests to port 119 to the news server. Instead of
rewriting all of the firewall rules, I just kept the Linux default running
and added these lines to my rc.firewall:

## Masq
$IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

$IPTABLES -A FORWARD -s 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -d 192.168.0.0/24 -j ACCEPT
$IPTABLES -A FORWARD -s ! 192.168.0.0/24 -j DROP

## Make sure to turn on ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

echo " Route incoming ppp0 at port 119 NEWS SERVER, to 192.168.0.20:119"
$IPTABLES -A PREROUTING -t nat -p tcp -i ppp0 --dport 119 -j DNAT --to 192.168.0.20:119

# DROP HTTP packets related to CodeRed and Nimda viruses silently
$IPTABLES -t filter -A INPUT -i ppp0 -p tcp -d 67.140.137.30 --dport 80 -m string \
   --string "/default.ida?" -j DROP
$IPTABLES -t filter -A INPUT -i ppp0 -p tcp -d 67.140.137.30 --dport 80 -m string \
   --string ".exe?/c+dir" -j DROP
$IPTABLES -t filter -A INPUT -i ppp0 -p tcp -d 67.140.137.30 --dport 80 -m string \
   --string ".exe?/c+tftp" -j DROP

 My 2 problems are that I cannot access the news server from inside my own
network, but can from the outside. How do I fix this so I can access it
from any machine inside AND out?

 Also,  with this forwarding;

echo " Route incoming ppp0 at port 119 NEWS SERVER, to 192.168.0.20:119"
$IPTABLES -A PREROUTING -t nat -p tcp -i ppp0 --dport 119 -j DNAT --to 192.168.0.20:119

 Does the above say to allow both in and out? (receive from news peers and
send back to peers), or do I need to add something I missed for both
in-out??

 Any HELP will be greatly appreciated..

 Paul
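The DNAT rule in the post matches only packets arriving on ppp0, so a LAN client that connects to the router's public address is never redirected; and even if it were, the server would answer the client directly on the LAN, the reply would not pass back through the NAT state, and the client would reset the connection. The usual fix is "hairpin" NAT: a second DNAT for connections coming in on the LAN interface plus a source rewrite so replies return via the router. On the second question, no separate rule is needed for the return traffic of inbound connections: connection tracking reverses the DNAT on reply packets automatically, and connections the news server opens to its peers leave through the existing MASQUERADE rule. The script below is an added example, not part of the original post; it assumes the LAN interface is eth0, uses 203.0.113.10 as a placeholder for the router's static public address (not given in the post), and wraps iptables in a small dry-run helper so the rules can be reviewed before they are applied.

```shell
#!/bin/sh
# Hairpin NAT for a DNAT'd internal server (added example, not from the post).
# Values from the post: public interface ppp0, news server 192.168.0.20, port 119.
# Assumptions: LAN interface eth0; PUBLIC_IP is a placeholder for the router's
# static address and must be replaced with the real one.

IPTABLES="${IPTABLES:-iptables}"
EXT_IF="${EXT_IF:-ppp0}"
LAN_IF="${LAN_IF:-eth0}"                  # assumption
LAN_NET="${LAN_NET:-192.168.0.0/24}"
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"    # placeholder, replace with the real static IP
SERVER="${SERVER:-192.168.0.20}"
PORT="${PORT:-119}"

# rule: print the command when DRY_RUN=1, otherwise execute it.
rule() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# hairpin_nat: three rules that let LAN clients reach the server through the
# public address, in addition to the post's ppp0-only DNAT.
hairpin_nat() {
    # 1. Redirect LAN clients that connect to the public address on $PORT.
    rule -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -d "$PUBLIC_IP" \
         -p tcp --dport "$PORT" -j DNAT --to-destination "$SERVER:$PORT"
    # 2. Rewrite the source so the server replies to the router, which
    #    undoes the DNAT, instead of replying straight to the client.
    rule -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$SERVER" \
         -p tcp --dport "$PORT" -j MASQUERADE
    # 3. Accept the hairpinned traffic explicitly so it survives a stricter
    #    FORWARD policy than the post's blanket LAN accepts.
    rule -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$SERVER" \
         -p tcp --dport "$PORT" -j ACCEPT
}

# render_rules: the rule set as text, one command per line, for review.
render_rules() {
    ( DRY_RUN=1; hairpin_nat )
}

# Usage: sh hairpin.sh          -> print the rules
#        sh hairpin.sh apply    -> install them with iptables
if [ "${1:-}" = "apply" ]; then
    hairpin_nat
else
    render_rules
fi
```

The second rule is the one people usually forget: without it the server sees the client's real LAN address, replies directly, and the client receives a packet from 192.168.0.20 for a connection it opened to the public address. An alternative that needs no hairpin at all is to point internal clients (or an internal DNS view) at 192.168.0.20 directly.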


1. Need wise expert advice

Thanks for reading my post. I will not bother you with all the details of
what for and why, but I will need to describe my position to make my
question worthwhile.

I have a commercial background and still have very little experience, mostly
in logistics and marketing. However, I met some companies at an Employment
Forum and they were all looking for IT consultants. Information Technology is a
broad subject, but in a few words it could be very interesting to work in it.
However, companies require more than an interest in computers, like mine;
they require programming experience. Oh yeah? Well, I've said to myself, why
shouldn't I try? Learn some stuff... Could be cool?

So my question will have to cover all the unknowns of programming. I would
like to gain some experience in Unix to be able to cope when everybody
uses Linux. At least that's the only reason I could give, because I
don't know about other languages and what they are for...

So, could you give me a simplistic view of the programming languages
"market" (what purpose and environment) and maybe some advice on what I
could try to learn first?

Thanks

Thomas
