Mailinglist Archive: opensuse (3261 mails)

RE: [SLE] Help with a making NAT example
  • From: "Andrew Smith" <andrew@xxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 18 Apr 2001 19:17:10 +0100
  • Message-id: <ACEFLOPOOIHPJCLNPJKCOEMHDHAA.andrew@xxxxxxxxxxxxxxxxxxxx>
Hi

Here is the script I use on my server to act as a gateway and firewall.
Server IP is 192.168.10.2, local net is 192.168.10.x, external IP changes
and is defined as $EXTIP. The script is a bit tatty cos I've modified it a
lot, but it works. :o) I think section 3 is what you are looking for...

I hope this helps,



Andrew


----<SNIP>----

#!/bin/bash
#
# fwgw script
#
# Combined firewall & gateway for linux kernels 2.2.x (and above?)
# by Andrew Smith (fwgw@xxxxxxxxxxxxxxxxxxx)
#
# (c) Copyright 2000
#
# Published under the GNU License
#
# Usual liability sham - don't blame me if this don't work :o)
#
#
#

echo "1. Initialising: Setting variables..."
# Take the "addr:a.b.c.d" field of ifconfig's inet line and keep the part after the colon
EXTIP=`/sbin/ifconfig ppp0 | grep inet | awk '{print $2}' | awk -F: '{print $2}'`
echo " ...and flushing existing rulesets..."
ipchains -F
ipchains -P input ACCEPT
ipchains -P forward ACCEPT
ipchains -P output ACCEPT
echo " ...done!"

echo "2. Allow all local traffic..."
ipchains -A input -i eth0 -s 192.168.10.0/24 -d 192.168.10.0/24 -j ACCEPT
ipchains -A input -i lo -s 192.168.10.2 -j ACCEPT
ipchains -A input -i lo -s 127.0.0.1 -j ACCEPT
echo " ...done!"

echo "3. Set up internet gateway..."
ipchains -A forward -s 192.168.10.0/24 -j MASQ
ipchains -A forward -d 192.168.10.0/24 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
echo " ...done!"

#ipchains -l -A input -p tcp -s 213.122.219.103 -j ACCEPT
#ipchains -l -A input -p tcp -s 213.122.219.103 -y -j ACCEPT

echo "4. Allow incoming connections to/from local net..."
ipchains -A input -p tcp -i eth0 -s 192.168.10.0/24 -y -j ACCEPT
ipchains -A input -p tcp -i eth0 -d 192.168.10.0/24 -y -j ACCEPT
#echo " ...dont drop ident packets - reject them instead..."
#ipchains -A input -p TCP --dport auth -l -j REJECT
#ipchains -l -A input -p tcp -s 62.31.245.68 -j ACCEPT
echo " and, apart from ports:"
echo " 20 & 21 (ftp)..."
ipchains -l -A input -p tcp -d $EXTIP 20 -y -j ACCEPT
ipchains -l -A input -p tcp -d $EXTIP 21 -y -j ACCEPT
ipchains -l -A input -p tcp -s 0/0 20 -y -j ACCEPT
ipchains -l -A input -p tcp -s 0/0 21 -y -j ACCEPT
echo " 25 (smtp)..."
ipchains -l -A input -p tcp -d $EXTIP 25 -y -j ACCEPT
echo " 80 (www)..."
ipchains -l -A input -p tcp -d 0/0 80 -y -j ACCEPT
#echo " 119 (news)..."
#ipchains -l -A input -p tcp -d 0/0 119 -y -j ACCEPT
#echo " 27010 & 27015 & 27016 (halflife)..."
#ipchains -l -A input -p tcp -d 212.56.64.64 27010 -y -j ACCEPT
#ipchains -l -A input -p tcp -d 212.56.64.64 27015 -y -j ACCEPT
#ipchains -l -A input -p tcp -d 212.56.64.64 27016 -y -j ACCEPT
echo " block incoming connections from the internet..."
ipchains -l -A input -p tcp -y -j DENY
echo " ...done!"

echo "5. Allow incoming packets from ports:"
echo " 80 (www)..."
ipchains -A input -p tcp -s $EXTIP 80 -j ACCEPT
echo " 443 (secure www)"
ipchains -A input -p tcp -s $EXTIP 443 -j ACCEPT
echo " 20 & 21 (ftp)..."
ipchains -A input -p tcp -s $EXTIP 20 -j ACCEPT
ipchains -A input -p tcp -s $EXTIP 21 -j ACCEPT
insmod ip_masq_ftp
echo " 25 (smtp)..."
ipchains -A input -p tcp -s $EXTIP 25 -j ACCEPT
echo " 110 (pop3)..."
ipchains -A input -p tcp -s $EXTIP 110 -j ACCEPT
echo " 119 (news)..."
ipchains -A input -p tcp -s $EXTIP 119 -j ACCEPT
echo " 42 (nameserver)..."
ipchains -A input -p tcp -s $EXTIP 42 -j ACCEPT
echo " 53 (domain)..."
ipchains -A input -p tcp -s $EXTIP 53 -j ACCEPT
ipchains -A input -p udp -s $EXTIP 53 -j ACCEPT
echo " 5190 (icq)..."
ipchains -A input -p tcp -s $EXTIP 5190 -j ACCEPT
echo " but deny everything else..."
#ipchains -P input DENY
echo " ...done!"

echo "6. And just in case we are paranoid :o)..."
echo " block all other ports from internet..."
ipchains -l -A input -i ppp0 -p tcp -d 0/0 0:1023 -j DENY
ipchains -l -A input -i ppp0 -p udp -d 0/0 0:1023 -j DENY
echo " ...done!"
echo ""
echo "All Done! :o)"

----</SNIP>----


-----Original Message-----
From: Linux News User [mailto:linux@xxxxxxxxx]
Sent: 18 April 2001 15:44
To: suse-linux-e@xxxxxxxx
Subject: [SLE] Help with a making NAT example


Hi guys !

I need to set up a NAT service to allow my internal machines to surf the
Internet

These are example data:



Private ip is:

Eth0
10.10.10.10/255.255.255.0

Public ip is:

Eth1

196.40.25.81/255.255.255.248

And could anybody PLEASE !! :) tell me how I do a NAT using that
configuration ?

If anyone could send me an example I will be more than happy !

Thanks in advance
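
Added example (not part of either message, and not Andrew's script): the masquerading step from section 3 applied to the addresses in the question, assuming eth0 is the 10.10.10.0/24 LAN and eth1 is the public side. The helper name masq_rules is hypothetical; it only prints ipchains commands, and it sets the forward policy to DENY so that only LAN-sourced traffic leaving eth1 is masqueraded.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: eth0 = LAN 10.10.10.0/24, eth1 = public interface.

# masq_rules <lan-network/prefix> <external-interface>   (hypothetical helper)
# Prints the ipchains commands for a masquerading gateway; runs nothing itself.
masq_rules() {
    lan="$1"
    ext="$2"

    # Accept only digits, dots and exactly one slash, and refuse a /0 prefix,
    # so a typo cannot become a rule that masquerades every source address.
    case "$lan" in
        ''|*[!0-9./]*|*/*/*|*/0|*/)
            echo "bad LAN network: $lan" >&2; return 1 ;;
        */*) ;;
        *)  echo "LAN network needs a /prefix: $lan" >&2; return 1 ;;
    esac

    # Interface names: lowercase letters and digits only.
    case "$ext" in
        ''|*[!a-z0-9]*)
            echo "bad interface: $ext" >&2; return 1 ;;
    esac

    # On the forward chain, -i names the interface the packet leaves on.
    # Policy DENY means anything not matched by the MASQ rule is not routed.
    cat <<EOF
ipchains -F forward
ipchains -P forward DENY
ipchains -A forward -i $ext -s $lan -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Dry run for the layout in the question; review the output before
# feeding it to a root shell.
masq_rules 10.10.10.0/24 eth1
```

Unlike section 3 of the script above, this has no "-d ... -j MASQ" rule: replies to masqueraded connections are handled by the kernel's masquerading table, not by the forward chain.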

