| 1 |
On Mon, 2001-10-01 at 18:31, Sebastian Werner wrote: |
| 2 |
> Hey gentoo-developer, |
| 3 |
> |
| 4 |
> is there anybody who has worked some time with iptables. I need a |
| 5 |
> solution to get a network in the internet. I have read some material |
| 6 |
> about security and so on, but there is not so much about NAT. I want |
| 7 |
> that all ports (http, https, ftp, pop3, smtp) and all requests go to all |
| 8 |
> the network-clients. I don't want to study a more than 100 page book for |
| 9 |
> this smart solution (under windows I must only activate internet |
| 10 |
> connection sharing - I want this for linux) |
| 11 |
> |
| 12 |
> Ok I am a bad guy, please help me if you have a minute to much today, |
| 13 |
> |
| 14 |
> Thanks, |
| 15 |
> |
| 16 |
> Sebastian |
| 17 |
> sebastian@××××××××××××××××××.de |
| 18 |
> http://www.werner-productions.de |
| 19 |
> |
| 20 |
> |
| 21 |
> |
| 22 |
|
| 23 |
Hi |
| 24 |
|
| 25 |
This is a simple example from Rusty's packet-filtering-HOWTO. |
| 26 |
It uses simple statefull filtering (related connections is allowed back |
| 27 |
in, but no NEW connections is allowed in). |
| 28 |
|
| 29 |
------------cut here------------------------------------ |
| 30 |
#!/bin/bash |
| 31 |
|
| 32 |
# Load the required modules if modular kernel is used |
| 33 |
/sbin/modprobe ip_conntrack_ftp |
| 34 |
/sbin/modprobe ip_conntrack |
| 35 |
/sbin/modprobe ip_tables |
| 36 |
|
| 37 |
# Masquerade out ppp0 |
| 38 |
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE |
| 39 |
|
| 40 |
# Disallow NEW and INVALID incoming or forwarded |
| 41 |
# packets from ppp0. |
| 42 |
/usr/sbin/iptables -A INPUT -i ppp0 -m state \ |
| 43 |
--state NEW,INVALID -j DROP |
| 44 |
/usr/sbin/iptables -A FORWARD -i ppp0 -m state \ |
| 45 |
--state NEW,INVALID -j DROP |
| 46 |
|
| 47 |
# Turn on IP forwarding |
| 48 |
echo 1 > /proc/sys/net/ipv4/ip_forward |
| 49 |
---------cut here--------------------------------------------- |
| 50 |
|
| 51 |
Hope it is of some help. |
| 52 |
|
| 53 |
|
| 54 |
Greetings, |
| 55 |
MS |
| 56 |
-- |
| 57 |
|
| 58 |
Martin Schlemmer |
| 59 |
Gentoo Linux Developer, Desktop Team Developer |
| 60 |
Cape Town, South Africa |
| 61 |
Town, South Africa |
Archives