Results 1 to 2 of 2
Dear All, I asked to setup a firewall that have two zones. My LAN having 192.168.1.0/24 (firewall eth1 - 192.168.1.200) and router's connected ip 10.64.78.1/24 (firewall eth0 - 10.64.78.2). I ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 03-04-2009 #1
- Join Date
- Jul 2006
iptables script not working
I asked to setup a firewall that have two zones. My LAN having 192.168.1.0/24 (firewall eth1 - 192.168.1.200) and router's connected ip 10.64.78.1/24 (firewall eth0 - 10.64.78.2).
I have written a script with drop policy. Internal (192.168.1.0/24) pcs need to access external SMTP/POP server ip a.b.c.d and also few pcs need to connect to it via SSH(putty).
I have tried to do this using following script and it is not working.(I am only having experience to write few rules for SMTP/POP servers using INPUT and OUTPUT chains that not FORWARD chain)
# Drop all iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP # Accept loop back address iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # Forward SMTP/POP3,ssh traffic to and from OUT side iptables -A FORWARD -i eth1 -o eth0 -p tcp -s 192.168.1.0/24 -d a.b.c.d --dport smtp,pop3,ssh -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A FORWARD -o eth0 -i eth1 -p tcp -s a.b.c.d -d 192.168.1.0/24 --sport smtp,pop3,ssh -m state --state ESTABLISHED -j ACCEPT # Save and Start Iptables service iptables save service iptables start
Pls someone help meto correct this..
- 03-05-2009 #2