iptables

From: Julien Cigar (mage_at_mordor.ath.cx)
Date: 06/22/03


Date: Sun, 22 Jun 2003 21:17:51 +0200

Hello,

I'm running Linux and iptables. I have the following rules:

IPTABLES="/sbin/iptables"
EXTIF="ppp0"    # external (PPPoE) interface
DSLIF="eth0"    # interface carrying the DSL link
INTIF="eth1"    # internal LAN interface
LOIF="lo"

# default policies: drop inbound, allow forwarding and outbound
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# masquerade three LAN hosts behind the external interface
for IP in 10 11 12
do
  $IPTABLES -t nat -A POSTROUTING -o $EXTIF -s 192.168.0.$IP -j MASQUERADE
done

$IPTABLES -A INPUT -p udp -j ACCEPT

$IPTABLES -A INPUT -i $LOIF -j ACCEPT
$IPTABLES -A INPUT -i $DSLIF -j ACCEPT

# LAN hosts are accepted only with a matching IP/MAC pair
$IPTABLES -A INPUT -i $INTIF -s 192.168.0.2 -m mac --mac-source 00:80:C8:15:12:5A -j ACCEPT
$IPTABLES -A INPUT -i $INTIF -s 192.168.0.10 -m mac --mac-source 00:48:54:63:60:F5 -j ACCEPT
$IPTABLES -A INPUT -i $INTIF -s 192.168.0.11 -m mac --mac-source 00:48:54:6B:2E:B2 -j ACCEPT
$IPTABLES -A INPUT -i $INTIF -s 192.168.0.12 -m mac --mac-source 00:09:92:00:36:C7 -j ACCEPT

# stateful accepts on the external interface, per destination port
for PORT in 22 25 80 113
do
  $IPTABLES -A INPUT -i $EXTIF -p tcp --dport $PORT -m state --state RELATED,ESTABLISHED -j ACCEPT
done

# stateful accepts for selected ICMP types
for TYPE in 0 3 11
do
  $IPTABLES -A INPUT -i $EXTIF -p icmp --icmp-type $TYPE -m state --state RELATED,ESTABLISHED -j ACCEPT
done

I know this is a paranoid firewall...
All works except when I want to connect to an IRC server...
I can't connect to it, and I don't see what's wrong with my rules.
Also, if you find anomalies or ... in my rules, please tell me :p

Does anybody have an idea?

Thanks for your help and sorry for my @!# English.
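To see which packets the posted INPUT chain lets through and which fall to the DROP policy, here is a small chain walker that models the rules above. This is an added example, not code from the message or from iptables; the packet samples, the class and function names, and the rewritten chain at the end are all constructed here. It models only interface, protocol, destination port (or ICMP type) and conntrack state; the -s/--mac-source matches on eth1 are folded into one per-interface rule. The rewritten chain uses a single stateful rule for replies and an explicit REJECT for ident, which is a conventional layout rather than anything the poster wrote.

```python
"""Minimal model of an iptables INPUT chain, walked against sample packets.

Added example (not from the original post). Packet samples are constructed;
iptables equivalents of each modelled rule are given in comments.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    iface: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # TCP/UDP destination port, or ICMP type
    state: str = "NEW"           # conntrack state: NEW, ESTABLISHED, RELATED


@dataclass
class Rule:
    target: str                  # ACCEPT, DROP or REJECT
    iface: Optional[str] = None  # -i
    proto: Optional[str] = None  # -p
    dport: Optional[int] = None  # --dport / --icmp-type
    states: Optional[set] = None # -m state --state ...

    def matches(self, p: Packet) -> bool:
        # An unset field matches anything, like an omitted iptables option.
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.states is not None and p.state not in self.states:
            return False
        return True


def walk(chain, policy, p):
    """First matching rule wins; otherwise the chain policy applies."""
    for r in chain:
        if r.matches(p):
            return r.target
    return policy


EXTIF, DSLIF, INTIF, LOIF = "ppp0", "eth0", "eth1", "lo"
REPLY = {"RELATED", "ESTABLISHED"}

# The posted chain, in the order the script appends the rules.
POSTED = [
    Rule("ACCEPT", proto="udp"),                    # -p udp -j ACCEPT (any source, any iface)
    Rule("ACCEPT", iface=LOIF),
    Rule("ACCEPT", iface=DSLIF),
    Rule("ACCEPT", iface=INTIF),                    # stands in for the four IP/MAC rules
] + [Rule("ACCEPT", iface=EXTIF, proto="tcp", dport=p, states=REPLY) for p in (22, 25, 80, 113)] \
  + [Rule("ACCEPT", iface=EXTIF, proto="icmp", dport=t, states=REPLY) for t in (0, 3, 11)]

# A conventional rewrite (constructed, not the poster's):
#   -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT      one rule for all replies
#   -i ppp0 -p tcp --dport N -m state --state NEW -j ACCEPT      per exposed service
#   -i ppp0 -p tcp --dport 113 -j REJECT --reject-with tcp-reset  answer ident at once
REWRITTEN = [
    Rule("ACCEPT", iface=LOIF),
    Rule("ACCEPT", iface=INTIF),
    Rule("ACCEPT", iface=EXTIF, states=REPLY),
    Rule("ACCEPT", iface=EXTIF, proto="tcp", dport=22, states={"NEW"}),
    Rule("ACCEPT", iface=EXTIF, proto="tcp", dport=25, states={"NEW"}),
    Rule("ACCEPT", iface=EXTIF, proto="tcp", dport=80, states={"NEW"}),
    Rule("REJECT", iface=EXTIF, proto="tcp", dport=113, states={"NEW"}),
]

# Constructed packets as they would arrive on the external interface.
SAMPLES = {
    # data from an IRC server back to the client's ephemeral port 40000:
    # conntrack calls it ESTABLISHED, but the posted rules key on --dport
    "irc_reply":   Packet(EXTIF, "tcp", dport=40000, state="ESTABLISHED"),
    # the IRC server opening an ident (113) lookup back to the firewall
    "ident_probe": Packet(EXTIF, "tcp", dport=113, state="NEW"),
    # a fresh inbound SSH connection attempt
    "ssh_new":     Packet(EXTIF, "tcp", dport=22, state="NEW"),
    # unsolicited UDP from the Internet
    "any_udp":     Packet(EXTIF, "udp", dport=31337, state="NEW"),
    # echo-reply (type 0) to a ping the firewall sent
    "echo_reply":  Packet(EXTIF, "icmp", dport=0, state="ESTABLISHED"),
}


def verdicts(chain, policy="DROP"):
    """Map each sample packet name to the verdict the chain gives it."""
    return {name: walk(chain, policy, p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for label, chain in (("posted", POSTED), ("rewritten", REWRITTEN)):
        print(label)
        for name, v in verdicts(chain).items():
            print(f"  {name:12s} {v}")
```

Two things the walk makes visible: a --dport match combined with RELATED,ESTABLISHED only accepts replies to connections made to that local port, so return traffic for anything the firewall itself initiates lands on the DROP policy, and a silently dropped ident probe leaves the remote server waiting for its timeout, whereas a REJECT with tcp-reset answers it immediately. The unconditional `-p udp -j ACCEPT` is also worth a look, since it accepts UDP from any interface and any source.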
