Gentoo Forums
HELP - iptables firewall script changes
Moriah
Advocate


Joined: 27 Mar 2004
Posts: 2053
Location: Kentucky

Posted: Sat Mar 17, 2018 8:32 pm    Post subject: HELP - iptables firewall script changes

I have a very old iptables firewall script that was originally written in 2003. It used to get a set of static ip addresses over an L2TP tunnel using a 5 mb/sec DSL connection from the phone company. Around 2010 or so, it was changed to get the static addresses over openvpn. About 4 or 5 years ago, the connection was changed to a cable modem, but the same openvpn tunnel approach was still used because it "just worked".

Now I can get my static ip addresses directly from the cable modem people for a reasonable price, so I've ditched the openvpn tunnel and am trying to modify my ancient firewall script to work that way.

It's been much more difficult than I anticipated. :(

I expected to change the static addresses to the new ones, and get rid of the tunnel and it would all work, but alas, it fails miserably. It is not passing packets to the DMZ at all.

I really need some help with this, or maybe even a better way to do it. Is there something more modern than iptables nowadays?

I would post the firewall script here, but it is pretty long. Until I get it working, I have no email, and my web server is down, so I have no place else to post it to either. I could post a dump of the iptables after a little bit of running, so you could see the packet counts, etc. if that would help, but I think you really need to see the script itself.
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword

Foghorn Leghorn is a Warner Bros. cartoon character.


Last edited by Moriah on Sat Mar 17, 2018 11:50 pm; edited 1 time in total
Hu
Moderator


Joined: 06 Mar 2007
Posts: 12731

Posted: Sat Mar 17, 2018 9:04 pm    Post subject:

You could experiment with nftables, or go bleeding edge with bpfilter. I recommend against trying to convert to either of those when your starting point is not functional.

Please pastebin the script and the output of iptables-save after the script has loaded your rules. You can use wgetpaste for this.
Moriah
Advocate


Joined: 27 Mar 2004
Posts: 2053
Location: Kentucky

Posted: Sat Mar 17, 2018 11:45 pm    Post subject:

I have not used wgetpaste before, but looking at https://wiki.gentoo.org/wiki/Wgetpaste I have to ask where do you want me to paste it? The default https://bpaste.net/ :?:

I assume it will take a binary file, because I have made a gzipped tarball of all the files involved.
Hu
Moderator


Joined: 06 Mar 2007
Posts: 12731

Posted: Sun Mar 18, 2018 12:22 am    Post subject:

Any of the built-in choices should be fine.

Why wrap them in tar.gz? You can do that if you want, but that just makes it harder to cite specific pieces.
Moriah
Advocate


Joined: 27 Mar 2004
Posts: 2053
Location: Kentucky

Posted: Sun Mar 18, 2018 12:23 am    Post subject:

Hu:

It didn't like the gzipped tar file, so I extracted it and combined the files and uploaded them. I pm-ed you the url.

Thanks! :D
All times are GMT