Re: RH9, NAT and routing

From: Bob Smith (bob_at_netprt.com)
Date: 06/08/04

  • Next message: Vidiot: "Re: RH9, NAT and routing"
    Date: Mon, 7 Jun 2004 19:59:18 -0600
    To: redhat-list@redhat.com
    
    

    Hi Pete,

    Thanks for the rules, I think I see what I missed, which I believe is the
    forwarding rule from the lan.

    I'd still like to check out firestarter, just to see what it does, and
    learn yet another tool. :-) Is there a good place to find it?

    Thanks,

    -Bob

    > Hi,
    > I have a similar fw (but 3 nics).
    > here is the basic sequence of the pertinent rules from my fw to let LAN
    > traffic out. Depending on your comfort level, using firestarter may be
    > preferred. These are only a few of a complete set.

    > # Default deny all inbound & forwards.
    > # probably just allow all out, your discretion, but if you deny all outbound
    > # you won't contribute to DDoS, just make last one DENY as well then
    > # allow the desired services out.
    > $IPTABLES -P INPUT DROP
    > $IPTABLES -P FORWARD DROP
    > $IPTABLES -P OUTPUT ACCEPT

    > # outbound LAN connections are all masqueraded
    > $IPTABLES -A POSTROUTING -t nat -o $EXT_IF -s $LAN_RANGE -j MASQUERADE

    > # allow existing communications to continue
    > $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    > # forward
    > $IPTABLES -A FORWARD -i $LAN_IF -s $LAN_RANGE -j ACCEPT
    > $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    > # I end each section (input, forward, output) with log and drop, here the
    > # forward set
    > $IPTABLES -A FORWARD -m limit -j LOG --log-prefix "NetF FORWARD CHAIN: "
    > $IPTABLES -A FORWARD -j DROP

    > Of course, there should be other rules in place, but this should allow
    > successful outbound connections from your LAN.

    > Hope that helps.
    > --
    > Pete Nesbitt, rhce

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
    
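The excerpt Pete quoted is, as he says, only a few rules from a complete set. Below is an added example script (not code from this thread or from Red Hat) that wraps the same masquerade/forward logic in a runnable, re-entrant form and fills in the pieces a fresh RH9 box with two NICs also needs: turning on kernel forwarding (without it the FORWARD chain never sees a packet), flushing before loading so re-running does not stack duplicates, accepting loopback, anti-spoofing checks on both interfaces, and an explicit rate limit on the log-and-drop tails. The interface names eth0/eth1, the LAN block 192.168.1.0/24 and the "SSH from the LAN" exception are assumptions; edit them for your network. With no argument the script only prints the commands it would issue; `apply` loads them for real and must run as root.

```sh
#!/bin/sh
# Added example, not from the mailing-list post: a small, idempotent
# two-NIC NAT firewall.  Interface names and the LAN range below are
# assumptions; change them for your box.
#
#   sh nat-fw.sh            # dry run: print the commands that would be issued
#   sh nat-fw.sh apply      # as root: actually load the rules

IPTABLES="${IPTABLES:-iptables}"
EXT_IF="${EXT_IF:-eth0}"                    # assumed: interface facing the DSL modem
LAN_IF="${LAN_IF:-eth1}"                    # assumed: interface facing the LAN
LAN_RANGE="${LAN_RANGE:-192.168.1.0/24}"    # assumed RFC1918 LAN block
DRY_RUN="${DRY_RUN:-1}"

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

build_firewall() {
    # The kernel must route between interfaces, or the FORWARD chain never
    # sees a packet no matter what rules it holds.
    run sysctl -w net.ipv4.ip_forward=1

    # Start from a clean slate so re-running the script does not append a
    # second copy of every rule.
    run $IPTABLES -F
    run $IPTABLES -t nat -F
    run $IPTABLES -X

    # Default deny inbound and forwarded traffic; let the box itself talk out.
    run $IPTABLES -P INPUT DROP
    run $IPTABLES -P FORWARD DROP
    run $IPTABLES -P OUTPUT ACCEPT

    # Local services (syslog, sendmail, X) talk over loopback.
    run $IPTABLES -A INPUT -i lo -j ACCEPT

    # Anti-spoofing: a packet arriving from the Internet side must not carry
    # a LAN source address, and a packet arriving on the LAN side must.
    run $IPTABLES -A INPUT -i "$EXT_IF" -s "$LAN_RANGE" -j DROP
    run $IPTABLES -A FORWARD -i "$EXT_IF" -s "$LAN_RANGE" -j DROP
    run $IPTABLES -A FORWARD -i "$LAN_IF" ! -s "$LAN_RANGE" -j DROP

    # Connection tracking: discard packets with no valid state, keep
    # already-established flows going in both chains.
    run $IPTABLES -A INPUT -m state --state INVALID -j DROP
    run $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run $IPTABLES -A FORWARD -m state --state INVALID -j DROP
    run $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # LAN hosts may open connections to the Internet; rewrite their source
    # to the external address on the way out.
    run $IPTABLES -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -s "$LAN_RANGE" -j ACCEPT
    run $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_RANGE" -j MASQUERADE

    # Assumed policy: LAN hosts may manage the firewall over SSH; nothing
    # else reaches the box's own INPUT chain.
    run $IPTABLES -A INPUT -i "$LAN_IF" -s "$LAN_RANGE" -p tcp --dport 22 \
        -m state --state NEW -j ACCEPT

    # Log-and-drop tails with an explicit rate limit so a flood cannot fill
    # /var/log/messages.
    for chain in INPUT FORWARD; do
        run $IPTABLES -A "$chain" -m limit --limit 5/min --limit-burst 10 \
            -j LOG --log-prefix "NetF $chain: "
        run $IPTABLES -A "$chain" -j DROP
    done
}

case "${1:-dry-run}" in
    apply)   DRY_RUN=0; build_firewall ;;
    dry-run) build_firewall ;;
    *)       echo "usage: $0 [apply|dry-run]" >&2; exit 2 ;;
esac
```

Rule order matters: the anti-spoofing DROPs sit before the LAN ACCEPT so a host on the Internet side cannot forge a 192.168.1.x source to ride the forward rule, and the ESTABLISHED,RELATED rule sits early so the bulk of traffic short-circuits before the per-service checks. Run the dry run first and read the output top to bottom; it is the same list iptables will evaluate.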
