Re: Iptable doesn't work

From: Colin McKinnon (colin@EditMeOutUnlessYoureABot.wew.co.uk)
Date: 12/27/01


    From: "Colin McKinnon" <colin@EditMeOutUnlessYoureABot.wew.co.uk>
    Date: Thu, 27 Dec 2001 13:03:26 -0000
    
    

    Baruah <b_baruah@hotmail.com> wrote in message
    news:506277bd.0112250103.34bc939e@posting.google.com...
    <snip>
    > There are several computers(1....N) connected to the SERVER.
    >
    > I'm trying to put iptables instead of ipchains in my SERVER.
    >
    > On the SERVER I'm running Squid as a proxy server.
    >
    >
    > Now, I want some computers to access internet and some don't. The
    > PCs belonging to the persons who have an account in the proxy are to
    > be allowed to go through. So, I tried the below configuration in my
    > iptables to avoid IP spoofing inside my own network.
    >
    >
    > *filter
    > :INPUT ACCEPT [255:28806]
    > :FORWARD DROP [0:0]
    > :OUTPUT ACCEPT [13:972]

    Use the redirection / access controls in squid - much easier - also you
    won't have to rewrite your rules every time the firewall / network changes.

    If you're sure that your users are smart enough to spoof an IP address but
    dumb enough not to change the MAC address too, then try arpwatch.

    HTH

    Colin
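
The pairing check behind the arpwatch suggestion above, as an added example that is not part of the original post and is not arpwatch's own code: it replays (IP, MAC) sightings against a baseline and reports when an IP shows up behind a different MAC. The function names and all addresses are constructed for illustration; the alert labels borrow arpwatch's report names.

```python
from collections import namedtuple

Alert = namedtuple("Alert", "kind ip old_mac new_mac")

def normalize_mac(mac):
    """Canonicalise a MAC so '0:A:b:1:2:3' and '00:0a:0b:01:02:03' compare equal."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(f"{int(p, 16):02x}" for p in parts)

def check_bindings(observations, known=None):
    """Replay (ip, mac) sightings in order and return a list of pairing Alerts.

    known: optional baseline dict ip -> mac, e.g. an inventory of the LAN.
    """
    current = {ip: normalize_mac(m) for ip, m in (known or {}).items()}
    previous = {}  # ip -> the MAC it had before its current one
    alerts = []
    for ip, mac in observations:
        mac = normalize_mac(mac)
        old = current.get(ip)
        if old == mac:
            continue  # pairing unchanged, nothing to report
        if old is None:
            alerts.append(Alert("new station", ip, None, mac))
        else:
            # Returning to the MAC seen just before is a "flip flop":
            # two interfaces are answering for the same IP address.
            back = previous.get(ip) == mac
            kind = "flip flop" if back else "changed ethernet address"
            alerts.append(Alert(kind, ip, old, mac))
            previous[ip] = old
        current[ip] = mac
    return alerts

# Constructed sample data (hypothetical LAN, not from the original post).
BASELINE = {"192.168.1.10": "00:50:56:aa:00:10",
            "192.168.1.11": "00:50:56:aa:00:11"}
SAMPLE = [
    ("192.168.1.10", "0:50:56:AA:0:10"),    # same NIC, different notation
    ("192.168.1.10", "00:50:56:aa:00:12"),  # another NIC claims .10
    ("192.168.1.10", "00:50:56:aa:00:10"),  # the real owner answers again
    ("192.168.1.11", "00:50:56:aa:00:11"),  # IP and MAC both match baseline
]

if __name__ == "__main__":
    for alert in check_bindings(SAMPLE, BASELINE):
        print(alert)
```

The last sample line is the caveat from the reply: a sighting where IP and MAC both match the baseline produces no alert, so this check only catches an IP address that appears behind a different MAC.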


