Gentoo Forums
Forum Index > Scandinavian
firewall & dhcp
andybrandorff
n00b
Joined: 03 Aug 2004
Posts: 57
Location: denmark
Posted: Mon Aug 29, 2005 9:24 pm    Post subject: firewall & dhcp

Hi, I have just got my server up and running, but the firewall part won't do what I want.

I need to run internet through it to 2 other PCs, so I have set up DHCP and it runs, and they also get IP addresses. But when I want to get to the internet from my PCs, I have to run it as a firewall, and that it won't do. I have done the following.

followed the guide http://gentoo-wiki.com/HOWTO_setup_a_home-server#Configuring_masquerading_and_basic_firewall
and made my firewall in
Code:
 nano -w /etc/init.d/iptables


which looks like this
Code:
#!/sbin/runscript
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.2 2005/08/10 23:11:12 vapier Exp $
#IPTABLES=/sbin/iptables

opts="save reload panic"

iptables_name=${SVCNAME}
if [[ ${iptables_name} != "iptables" && ${iptables_name} != "ip6tables" ]] ; then
        iptables_name="iptables"
fi

iptables_bin="/sbin/${iptables_name}"
case ${iptables_name} in
        iptables)  iptables_proc="/proc/net/ip_tables_names"
                   iptables_save=${IPTABLES_SAVE};;
        ip6tables) iptables_proc="/proc/net/ip6_tables_names"
                   iptables_save=${IP6TABLES_SAVE};;
esac

depend() {
        before net
        use logger
}

set_table_policy() {
        local chains table=$1 policy=$2
        case ${table} in
                nat)    chains="PREROUTING POSTROUTING OUTPUT";;
                mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
                filter) chains="INPUT FORWARD OUTPUT";;
                *)      chains="";;
        esac
        local chain
        for chain in ${chains} ; do
                ${iptables_bin} -t ${table} -P ${chain} ${policy}
        done
}

checkkernel() {
        if [[ ! -e ${iptables_proc} ]] ; then
                eerror "Your kernel lacks ${iptables_name} support, please load"
                eerror "appropriate modules and try again."
                return 1
        fi
        return 0
}
checkconfig() {
        if [[ ! -f ${iptables_save} ]] ; then
                eerror "Not starting ${iptables_name}.  First create some rules then run:"
                eerror "/etc/init.d/${iptables_name} save"
                return 1
        fi
        return 0
}

start() {
        /sbin/iptables -F; iptables -t nat -F; iptables -t mangle -F
        /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
        /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        /sbin/iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
        /sbin/iptables -A INPUT -p icmp -j ACCEPT

        checkconfig || return 1
        ebegin "Loading ${iptables_name} state and starting firewall"
        ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
        eend $?
}

stop() {
        if [[ ${SAVE_ON_STOP} == "yes" ]] ; then
                save || return 1
        fi
        checkkernel || return 1
        ebegin "Stopping firewall"
        for a in $(<${iptables_proc}) ; do
                ${iptables_bin} -F -t $a
                ${iptables_bin} -X -t $a

                set_table_policy $a ACCEPT
        done
        eend $?
}

reload() {
        checkkernel || return 1
        ebegin "Flushing firewall"
        for a in $(<${iptables_proc}) ; do
                ${iptables_bin} -F -t $a
                ${iptables_bin} -X -t $a
        done
        eend $?

        start
}

save() {
        ebegin "Saving ${iptables_name} state"
        touch "${iptables_save}"
        chmod 0600 "${iptables_save}"
        ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
        eend $?
}

panic() {
        checkkernel || return 1
        [[ -e ${svcdir}/started/${iptables_name} ]] && svc_stop

        ebegin "Dropping all packets"
        for a in $(<${iptables_proc}) ; do
                ${iptables_bin} -F -t $a
                ${iptables_bin} -X -t $a

                set_table_policy $a DROP
        done
        eend $?
}



and then I have run:
/etc/init.d/iptables save
and
/etc/init.d/iptables restart

But I don't get through?
Leo Lausren
Apprentice
Joined: 24 Feb 2004
Posts: 198
Location: Denmark
Posted: Tue Aug 30, 2005 12:53 pm    Post subject:

You only open INPUT; if you want to route traffic through, it goes through FORWARD.
Look a bit further down
Code:
# iptables -I FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

Allow, for example, NEW,ESTABLISHED,RELATED from the local net, and
only ESTABLISHED,RELATED from outside.
_________________
Blog: common sense – nonsense
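As an added illustration of the reply above (this is not code from the thread or from the wiki guide): a small sh script that prints the FORWARD rule set the reply describes, so it can be read before it is applied. The interface names are assumptions: eth0 is taken as the internet side (matching the MASQUERADE rule in the first post) and eth1 as the side the two DHCP clients sit on. Two counting functions check the generated set: routed traffic gets rules at all (the first post's script had none), and no rule lets NEW connections in from the WAN side.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the FORWARD rules the reply
# describes: the LAN may open new connections out through the router, the
# WAN side only gets replies back in. Interface names are assumptions:
# eth0 = internet side (as in the first post's MASQUERADE rule),
# eth1 = the side the two DHCP clients are on.

IPT="${IPT:-/sbin/iptables}"

# Print the commands instead of running them, so the rule set can be read
# and checked first; apply with:  forward_rules eth0 eth1 | sh
forward_rules() {
    wan="$1"
    lan="$2"
    # Routed traffic is dropped unless one of the rules below accepts it.
    echo "$IPT -P FORWARD DROP"
    # Replies to connections the LAN opened are allowed back in from the WAN.
    echo "$IPT -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The LAN may open new connections towards the internet.
    echo "$IPT -A FORWARD -i $lan -o $wan -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Rewrite the LAN's private source addresses to the router's WAN address.
    echo "$IPT -t nat -A POSTROUTING -o $wan -j MASQUERADE"
    # Without this the kernel never passes packets through the FORWARD chain.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Number of FORWARD rules that accept NEW connections arriving on the WAN
# interface. Must be 0, otherwise outsiders could open connections to the LAN.
count_new_from_wan() {
    forward_rules "$1" "$2" | awk -v wan="$1" '
        /-A FORWARD/ && index($0, "-i " wan " ") && /NEW/ { n++ }
        END { print n + 0 }'
}

# Number of FORWARD rules in the set. The first post's script had none, which
# is why the clients got DHCP addresses but no traffic through the router.
count_forward_rules() {
    forward_rules "$1" "$2" | awk '/-A FORWARD/ { n++ } END { print n + 0 }'
}
```

Generating the commands and piping them through sh keeps the review step separate from the apply step; once the set is in place, `/etc/init.d/iptables save` records it so the restore in the init script's start() reloads the same rules.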