andybrandorff n00b
Joined: 03 Aug 2004 Posts: 57 Location: denmark
Posted: Mon Aug 29, 2005 9:24 pm Post subject: firewall & dhcp
Hi, I have just got my server up and running, but the firewall part won't do what I want.
I need to route internet through it to 2 other PCs, so I have set up DHCP, and it runs and they get IP addresses. But to reach the internet from my PCs I have to run it as a firewall, and that it won't do. I have done the following:
followed the guide http://gentoo-wiki.com/HOWTO_setup_a_home-server#Configuring_masquerading_and_basic_firewall
and created my firewall in Code: | nano -w /etc/init.d/iptables |
which looks like this:

Code:
    #!/sbin/runscript
    # Copyright 1999-2005 Gentoo Foundation
    # Distributed under the terms of the GNU General Public License v2
    # $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.2 2005/08/10 23:11:12 vapier Exp $

    #IPTABLES=/sbin/iptables
    opts="save reload panic"

    iptables_name=${SVCNAME}
    if [[ ${iptables_name} != "iptables" && ${iptables_name} != "ip6tables" ]] ; then
        iptables_name="iptables"
    fi

    iptables_bin="/sbin/${iptables_name}"
    case ${iptables_name} in
        iptables)  iptables_proc="/proc/net/ip_tables_names"
                   iptables_save=${IPTABLES_SAVE};;
        ip6tables) iptables_proc="/proc/net/ip6_tables_names"
                   iptables_save=${IP6TABLES_SAVE};;
    esac

    depend() {
        before net
        use logger
    }

    set_table_policy() {
        local chains table=$1 policy=$2
        case ${table} in
            nat)    chains="PREROUTING POSTROUTING OUTPUT";;
            mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
            filter) chains="INPUT FORWARD OUTPUT";;
            *)      chains="";;
        esac
        local chain
        for chain in ${chains} ; do
            ${iptables_bin} -t ${table} -P ${chain} ${policy}
        done
    }

    checkkernel() {
        if [[ ! -e ${iptables_proc} ]] ; then
            eerror "Your kernel lacks ${iptables_name} support, please load"
            eerror "appropriate modules and try again."
            return 1
        fi
        return 0
    }

    checkconfig() {
        if [[ ! -f ${iptables_save} ]] ; then
            eerror "Not starting ${iptables_name}. First create some rules then run:"
            eerror "/etc/init.d/${iptables_name} save"
            return 1
        fi
        return 0
    }

    start() {
        # Rules added by hand (from the wiki guide) before the saved state is loaded
        /sbin/iptables -F; /sbin/iptables -t nat -F; /sbin/iptables -t mangle -F
        /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
        /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        /sbin/iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
        /sbin/iptables -A INPUT -p icmp -j ACCEPT

        checkconfig || return 1
        ebegin "Loading ${iptables_name} state and starting firewall"
        ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
        eend $?
    }

    stop() {
        if [[ ${SAVE_ON_STOP} == "yes" ]] ; then
            save || return 1
        fi
        checkkernel || return 1
        ebegin "Stopping firewall"
        for a in $(<${iptables_proc}) ; do
            ${iptables_bin} -F -t $a
            ${iptables_bin} -X -t $a
            set_table_policy $a ACCEPT
        done
        eend $?
    }

    reload() {
        checkkernel || return 1
        ebegin "Flushing firewall"
        for a in $(<${iptables_proc}) ; do
            ${iptables_bin} -F -t $a
            ${iptables_bin} -X -t $a
        done
        eend $?
        start
    }

    save() {
        ebegin "Saving ${iptables_name} state"
        touch "${iptables_save}"
        chmod 0600 "${iptables_save}"
        ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
        eend $?
    }

    panic() {
        checkkernel || return 1
        [[ -e ${svcdir}/started/${iptables_name} ]] && svc_stop
        ebegin "Dropping all packets"
        for a in $(<${iptables_proc}) ; do
            ${iptables_bin} -F -t $a
            ${iptables_bin} -X -t $a
            set_table_policy $a DROP
        done
        eend $?
    }
and then I have run:
/etc/init.d/iptables save
and
/etc/init.d/iptables restart
But I still can't get through?
Leo Lausren Apprentice
Joined: 24 Feb 2004 Posts: 198 Location: Denmark
|
Posted: Tue Aug 30, 2005 12:53 pm Post subject:
|
|
You only open up INPUT; if you want to route traffic through, it goes in FORWARD.
Look a bit further down: Code: | # iptables -I FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT |
Allow e.g. NEW,ESTABLISHED,RELATED from the local net, and
only ESTABLISHED,RELATED from outside.
_________________
Blog: common sense – nonsense