Find the answer to your Linux question:
Results 1 to 2 of 2
Distro: CentOS 5.3 External IP (eth0): Static assigned by ISP via DHCP Internal IP (eth1): 10.0.0.1 Services running: Apache, BIND, ProFTP, Samba, DHCP3, MySQL, PHP Hello. I must preface this ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. 06-23-2009 #1
    lordemperor
    lordemperor is offline
    Just Joined!
    Join Date
    Jun 2009
    Posts
    6

    CentOS router/firewall/nat iptables setup [SOLVED: Shorewall FTW]

    Distro: CentOS 5.3
    External IP (eth0): Static assigned by ISP via DHCP
    Internal IP (eth1): 10.0.0.1
    Services running: Apache, BIND, ProFTP, Samba, DHCP3, MySQL, PHP

    Hello. I must preface this by saying I know little about iptables. This is my first attempt at building my own router, having previously used Smoothwall.

    The CentOS box in this instance is also my website and DNS server. I have simply built on top of my existing server setup, enabling port forwarding and installing dhcpd.

    Objective:
    All outgoing connections accepted, i.e. use should be transparant to a user within my network.
    Incoming connections only accepted if forwarded (I think I know how to accomplish this, having nabbed a port forward example when I searched), I currently do not have any of these.
    Existing services on the router continue to work.

    My web and name server currently work, as does FTP and samba access.

    The internet works on my client computer (10.0.0.2 Static via DHCP), however I have trouble accessing some services outside my own network. For example if I FTP to an external server I get:

    500 I won't open a connection to 10.0.0.2 (only to PUBLIC IP WAS HERE)

    I don't think my internal IP should be making it out there.

    Here's my iptables script, cobbled together from various sources:

    Code:
    # Dont shut myself out in case something doesn't work
iptables -F
iptables -P INPUT ACCEPT
# FTP
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Webmin
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
# DNS
iptables -A INPUT -p udp --dport 53 -j ACCEPT
# HTTP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# DHCP
iptables -A INPUT -p tcp --dport 67 -j ACCEPT
# Nagios
iptables -A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
# Ping
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT
# Default policies
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Routering...
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
service iptables save
    Any sugestions to make this... better? Or a tutorial for nubs. No GUI so CLI options only.
    Reply With Quote Reply With Quote
  2. 06-24-2009 #2
    lordemperor
    lordemperor is offline
    Just Joined!
    Join Date
    Jun 2009
    Posts
    6
    Never mind, Shorewall to the rescue!
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules