RH7.1 and ip-masquerading
- To: tlug@example.com
- Subject: RH7.1 and ip-masquerading
- From: Tony Laszlo <laszlo@example.com>
- Date: Tue, 12 Jun 2001 15:31:23 +0900 (JST)
- Content-Type: TEXT/PLAIN; charset=US-ASCII
- Reply-To: laszlo@example.com
- Resent-From: tlug@example.com
- Resent-Message-ID: <h0N8PD.A.MFF.ZKcJ7@example.com>
- Resent-Sender: tlug-request@example.com
Many thanks to B0Ti, Tobias and Scott for their advice. Happily, I am ip-masquerading away now. I decided to uninstall ipchains and work with iptables, which is said to be superior. I found a couple of scripts for this, two of which I will include here for others who might eventually search for an answer. The first one works for me, the second one doesn't... One can put them in a file called /etc/rc.d/rc.firewall and then have that invoked somehow (not sure how); I put them directly in /etc/rc.d/rc.local, instead.

For those people using Redhat 7.1: ipchains is set to run by default. You have to put rmmod ipchains somewhere in the script and otherwise defuse ipchains (maybe using ntsysv) or (as I did) uninstall it.

Both from /etc/rc.d/rc.local

----------------------------------
script one (works)

#adding iptables stuff - T.L. 2001.6.12
insmod ip_conntrack
insmod ip_conntrack_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables --append FORWARD --in-interface eth0 -j ACCEPT
## end of iptables script

-----------------------------------------
script two (doesn't work)

#adding iptables stuff - T.L. 2001.6.12
## Insert connection-tracking modules (not needed if built into kernel).
insmod ip_conntrack
insmod ip_conntrack_ftp
## Create chain which blocks new connections, except if coming from inside.
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A block -j DROP
## Adding some stuff to put a "1" in these proc files. -T.L.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
## Jump to that chain from INPUT and FORWARD chains.
iptables -A INPUT -j block
iptables -A FORWARD -j block
## end of iptables script
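The two scripts above do different halves of the job: script one adds the nat-table MASQUERADE rule and turns on forwarding but filters nothing, while script two builds a stateful "block" chain and hardens the kernel but never adds a MASQUERADE rule, so on its own it cannot masquerade at all. The following rc.firewall, an added example that is not part of the original post, merges the two. It assumes ppp0 is the upstream link and eth0 the LAN (both overridable via EXT_IF and INT_IF), uses the current `! -i` negation syntax rather than the older `-i !` form in script two, and adds a DRY_RUN switch (an illustration-only convenience, not an iptables feature) so the rule set can be printed and reviewed on a host without root or iptables.

```sh
#!/bin/sh
# Added example, not from the original post: one rc.firewall combining
# script one (NAT masquerading) with script two (stateful filtering and
# kernel hardening). Assumptions: EXT_IF is the upstream (dial-up) link,
# INT_IF the LAN; DRY_RUN=1 prints commands instead of applying them.

EXT_IF="${EXT_IF:-ppp0}"
INT_IF="${INT_IF:-eth0}"

run() {                       # run a command, or print it under DRY_RUN=1
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

proc_set() {                  # proc_set <file> <value>
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "echo $2 > $1"
    else
        echo "$2" > "$1"
    fi
}

load_modules() {
    # RH7.1 starts ipchains by default; the two stacks cannot coexist.
    run rmmod ipchains
    # Connection tracking (not needed if built into the kernel); the ftp
    # helper lets active-FTP data connections be classed as RELATED.
    run modprobe ip_conntrack
    run modprobe ip_conntrack_ftp
}

firewall_rules() {
    # Start from a clean slate in both the filter and nat tables.
    run iptables --flush
    run iptables --table nat --flush
    run iptables --delete-chain
    run iptables --table nat --delete-chain
    # Nothing is forwarded unless a rule below explicitly allows it.
    run iptables --policy FORWARD DROP

    # Stateful "block" chain: replies are allowed, new connections only if
    # they did not arrive on the upstream link, everything else is dropped.
    run iptables -N block
    run iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A block -m state --state NEW ! -i "$EXT_IF" -j ACCEPT
    run iptables -A block -j DROP
    run iptables -A INPUT -j block
    run iptables -A FORWARD -j block

    # Masquerade LAN traffic leaving via the upstream interface.
    run iptables --table nat --append POSTROUTING --out-interface "$EXT_IF" -j MASQUERADE
}

kernel_settings() {
    proc_set /proc/sys/net/ipv4/ip_forward 1          # route between interfaces
    proc_set /proc/sys/net/ipv4/ip_dynaddr 1          # cope with dial-up address changes
    proc_set /proc/sys/net/ipv4/tcp_syncookies 1
    proc_set /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts 1
    proc_set /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses 1
    proc_set /proc/sys/net/ipv4/conf/all/rp_filter 1  # drop packets with spoofed sources
    proc_set /proc/sys/net/ipv4/conf/all/accept_redirects 0
    proc_set /proc/sys/net/ipv4/conf/all/send_redirects 0
}

# Usage: rc.firewall start  (apply)  |  rc.firewall show  (dry run, prints rules)
case "${1:-}" in
    start) load_modules; firewall_rules; kernel_settings ;;
    show)  DRY_RUN=1; load_modules; firewall_rules; kernel_settings ;;
    *)     echo "usage: $0 {start|show}" >&2 ;;
esac
```

Run `sh rc.firewall show` first to read the exact commands that would be issued, then `sh rc.firewall start` as root, or call it from rc.local as the post does. The `--policy FORWARD DROP` line is not in either original script; it means a mistake in the block chain fails closed rather than open. The `ip_always_defrag` entry from script two is left out: with connection tracking loaded, 2.4 kernels defragment on their own and that proc file is no longer present.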