
simple firewall



Hi all, sorry for this post here but I cannot seem to join the
netfilter list :/

I wish to have a simple firewall to forward http traffic to the internal network.
This is what I have, but it does not forward; any help much appreciated.

#!/bin/sh

# Path to iptables
IPTABLES="/sbin/iptables"

# External interface: the interface of the default route (column 8 of `route -n`)
EXT_IF=`route -n | awk '$1~/0.0.0.0/ {print $8}'`

# Internal network
INT_NET="192.168.0.0/24"

# Internal network interface
INT_NET_IF="eth1"

# Internal network interface IP address
INT_NET_IF_IP="192.168.0.1"

# IP of the web machine
WWW_IP="192.168.0.3"

# Turn on IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward

# Flush old rulesets (filter and nat tables)
$IPTABLES -F
$IPTABLES -F -t nat

# Default policies
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP

# Masquerading: rewrite the source of everything leaving on the external interface
$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE

# Allow replies to existing connections to come back in from the outside
# (uses $EXT_IF rather than a hardcoded ppp0 so it matches whatever EXT_IF resolved to)
$IPTABLES -A FORWARD -i $EXT_IF -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow packets out from the internal network
$IPTABLES -A FORWARD -i $INT_NET_IF -s $INT_NET -j ACCEPT

# Forward http requests to the internal web machine (DNAT happens before FORWARD is consulted)
$IPTABLES -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 80 -j DNAT --to $WWW_IP

# Allow the DNATed port 80 traffic through the FORWARD chain
# $IPTABLES -A INPUT -i $EXT_IF -d 0/0 -p tcp --dport 80 -j ACCEPT
$IPTABLES -A FORWARD -i $EXT_IF -d 0/0 -p tcp --dport 80 -j ACCEPT

# Allow SSH to the firewall itself
$IPTABLES -A INPUT -i $EXT_IF -d 0/0 -p tcp --dport 22 -j ACCEPT

# Log to syslog
# $IPTABLES -A INPUT -j LOG
#


Kind regards
Kevin

-- 
 ______                              
(_____ \                             
 _____) )  ____   ____   ____   ____ 
|  ____/  / _  ) / _  | / ___) / _  )
| |      ( (/ / ( ( | |( (___ ( (/ / 
|_|       \____) \_||_| \____) \____)
Kevin Waterson
Port Macquarie, Australia
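An added example, not Kevin's script: the same DNAT port-forward rule set written as a function with a dry-run mode, so the generated iptables commands can be read and checked before anything is loaded. The FORWARD accept is keyed on the rewritten destination (the web host and port) instead of `-d 0/0`, and the conntrack rule is not tied to one interface. The interface names, addresses and the sample `route -n` output are constructed values, and `ext_if_from_route` assumes the classic net-tools column layout where Iface is column 8.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a DNAT port-forward
# rule set; set IPTABLES=echo to print the commands instead of loading them.

# Print the interface of the default route from `route -n` output on stdin.
# Assumes net-tools layout: Destination in column 1, Iface in column 8.
ext_if_from_route() {
    awk '$1 == "0.0.0.0" { print $8; exit }'
}

# build_forward_rules EXT_IF INT_IF INT_NET WWW_IP PORT
# Emits (or loads, depending on $IPTABLES) the rules that forward TCP/PORT
# arriving on EXT_IF to WWW_IP on the internal side.
build_forward_rules() {
    ext_if=$1; int_if=$2; int_net=$3; www_ip=$4; port=$5
    ipt=${IPTABLES:-/sbin/iptables}

    $ipt -F
    $ipt -F -t nat
    $ipt -P INPUT ACCEPT
    $ipt -P OUTPUT ACCEPT
    $ipt -P FORWARD DROP

    # Masquerade everything leaving on the external interface.
    $ipt -t nat -A POSTROUTING -o "$ext_if" -j MASQUERADE

    # Rewrite inbound TCP/$port to the internal web host. PREROUTING runs
    # before FORWARD, so FORWARD sees the rewritten destination.
    $ipt -t nat -A PREROUTING -i "$ext_if" -p tcp --dport "$port" \
        -j DNAT --to-destination "$www_ip"

    # Replies for connections conntrack already knows, in either direction.
    $ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

    # New connections from the LAN outwards.
    $ipt -A FORWARD -i "$int_if" -o "$ext_if" -s "$int_net" -j ACCEPT

    # New DNATed connections: match the rewritten destination and port only,
    # so nothing else on the internal side becomes reachable from outside.
    $ipt -A FORWARD -i "$ext_if" -o "$int_if" -d "$www_ip" -p tcp --dport "$port" \
        -m state --state NEW -j ACCEPT
}

# Usage: sh thisfile.sh --dry-run   (prints the rules instead of loading them)
case "${1:-}" in
    --dry-run)
        IPTABLES=echo build_forward_rules ppp0 eth1 192.168.0.0/24 192.168.0.3 80
        ;;
esac
```

Running it with `--dry-run` prints the rules in order; the DNAT rule must appear with the same host and port as the FORWARD accept, and `/proc/sys/net/ipv4/ip_forward` still has to be set to 1 on the box before any of it forwards.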