Moriah Advocate
Joined: 27 Mar 2004 Posts: 2365 Location: Kentucky
Posted: Sat Mar 17, 2018 8:32 pm Post subject: HELP - iptables firewall script changes
I have a very old iptables firewall script that was originally written in 2003. It used to get a set of static ip addresses over an L2TP tunnel using a 5 mb/sec DSL connection from the phone company. Around 2010 or so, it was changed to get the static addresses over openvpn. About 4 or 5 years ago, the connection was changed to a cable modem, but the same openvpn tunnel approach was still used because it "just worked".
Now I can get my static ip addresses directly from the cable modem people for a reasonable price, so I've ditched the openvpn tunnel and am trying to modify my ancient firewall script to work that way.
It's been much more difficult than I anticipated.
I expected to change the static addresses to the new ones, and get rid of the tunnel and it would all work, but alas, it fails miserably. It is not passing packets to the DMZ at all.
I really need some help with this, or maybe even a better way to do it. Is there something more modern than iptables nowadays?
I would post the firewall script here, but it is pretty long. Until I get it working, I have no email, and my web server is down, so I have no place else to post it to either. I could post a dump of the iptables after a little bit of running, so you could see the packet counts, etc. if that would help, but I think you really need to see the script itself.
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword
Foghorn Leghorn is a Warner Bros. cartoon character.
Last edited by Moriah on Sat Mar 17, 2018 11:50 pm; edited 1 time in total
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
Posted: Sat Mar 17, 2018 9:04 pm
You could experiment with nftables, or go bleeding edge with bpfilter. I recommend against trying to convert to either of those when your starting point is not functional.
Please pastebin the script and the output of iptables-save after the script has loaded your rules. You can use wgetpaste for this.
Moriah Advocate
Joined: 27 Mar 2004 Posts: 2365 Location: Kentucky
Posted: Sat Mar 17, 2018 11:45 pm
I have not used wgetpaste before, but looking at https://wiki.gentoo.org/wiki/Wgetpaste I have to ask where do you want me to paste it? The default https://bpaste.net/?
I assume it will take a binary file, because I have made a gzipped tarball of all the files involved.
Hu Moderator
Joined: 06 Mar 2007 Posts: 21633
Posted: Sun Mar 18, 2018 12:22 am
Any of the built-in choices should be fine.
Why wrap them in tar.gz? You can do that if you want, but that just makes it harder to cite specific pieces.
Moriah Advocate
Joined: 27 Mar 2004 Posts: 2365 Location: Kentucky
Posted: Sun Mar 18, 2018 12:23 am
Hu:
It didn't like the gzipped tar file, so I extracted it and combined the files and uploaded them. I pm-ed you the url.
Thanks!