Dear All,
I made the following firewall script:
#######################
## Defining Variable ##
#######################
IPT="/sbin/iptables"
FILE="/etc/squid/mac-list"
NW="192.168.1.0/24"
###################
## ADMINS ##
###################
ADMIN1="10.1.2.211"
ADMIN2="10.1.2.212"
####################
## PORTS ##
####################
SSH="22"
FTP="21"
SMTP="25"
VNC1="5801:5810"
VNC2="5901:5910"
VNC3="6001:6010"
####################################
echo "Flush Existing Firewall Rules"
####################################
$IPT -F
$IPT -Z
sleep 2
echo
######################
echo "Defining Chains"
######################
$IPT -P INPUT ACCEPT
echo
########################
echo "Defining Policies"
########################
$IPT -A INPUT -m state --state INVALID -j DROP
$IPT -A INPUT -i lo -j ACCEPT
echo
###############################
echo "Now enable IP Forwarding"
###############################
echo "1" > /proc/sys/net/ipv4/ip_forward
echo
##########################################
echo "Configuring NAT & Transparent Proxy"
##########################################
cat $FILE | while read MAC
do
$IPT -A FORWARD -m mac --mac-source $MAC -j ACCEPT
$IPT -t nat -A POSTROUTING -m mac --mac-source $MAC -j MASQUERADE
#$IPT -t nat -A PREROUTING -p tcp --dport 80 -s $NW -j REDIRECT --to-port 8080
done
########################### SSH RULES #####################################################
$IPT -A INPUT -p tcp --dport $SSH -m state --state NEW,ESTABLISHED,RELATED -s $ADMIN1 -j ACCEPT
################################ VNC RULES #####################################################
$IPT -A INPUT -p tcp --dport $VNC1 -m state --state NEW,ESTABLISHED,RELATED -s $ADMIN1 -j ACCEPT
$IPT -A INPUT -p tcp --dport $VNC2 -m state --state NEW,ESTABLISHED,RELATED -s $ADMIN1 -j ACCEPT
$IPT -A INPUT -p tcp --dport $VNC3 -m state --state NEW,ESTABLISHED,RELATED -s $ADMIN1 -j ACCEPT
$IPT -A INPUT -p tcp --dport $VNC1 -m state --state NEW,ESTABLISHED,RELATED -s $ADMIN2 -j ACCEPT
$IPT -A INPUT -p tcp --dport $VNC2 -m state --state NEW,ESTABLISHED,RELATED -s $ADMIN2 -j ACCEPT
$IPT -A INPUT -p tcp --dport $VNC3 -m state --state NEW,ESTABLISHED,RELATED -s $ADMIN2 -j ACCEPT
############################### DROP EVERYTHING EXCEPT ABOVE ##################################
$IPT -A INPUT -p tcp --dport $SSH -j DROP
$IPT -A INPUT -p tcp --dport $VNC1 -j DROP
$IPT -A INPUT -p tcp --dport $VNC2 -j DROP
$IPT -A INPUT -p tcp --dport $VNC3 -j DROP
$IPT -A FORWARD -i eth1 -j DROP
But when I run the script it gives me this:
Configuring NAT & Transparent Proxy
iptables: Invalid argument
Firewall Issue
Run the script as "bash -ex scriptfile" and see where it stops.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
You probably need to tell iptables which output interface (something like "-o eth1") to use on that line.
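Below is an added example, not code from the thread, of how the NAT section can be rewritten: the iptables mac match is only accepted in the PREROUTING, INPUT and FORWARD chains, so a "-m mac" rule in POSTROUTING is what iptables rejects with "Invalid argument". The example keeps the per-MAC allow rules in FORWARD, adds one MASQUERADE rule on the outbound interface as the reply above suggests, validates each list entry before handing it to iptables, and defaults to a dry run that only prints the rules. It assumes eth1 is the LAN side and eth0 the Internet side, neither of which the thread states.

```shell
#!/bin/sh
# Added example, not the poster's script: NAT section with "-m mac" only in FORWARD
# (where the mac match is valid) and one MASQUERADE rule in POSTROUTING keyed on the
# source network and outbound interface. Assumed: eth1 = LAN side, eth0 = Internet.
IPT="${IPT:-echo /sbin/iptables}"   # default is a dry run that prints the rules
NW="192.168.1.0/24"
LAN_IF="eth1"
WAN_IF="eth0"

# True if $1 is a MAC address in the XX:XX:XX:XX:XX:XX form iptables accepts.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Emit forwarding rules for each MAC in the list file $1 (one per line, '#'
# comments and blank lines ignored) plus a single MASQUERADE rule.
# Returns 1 if any line was rejected, so "set -e" scripts stop instead of
# feeding a malformed value to iptables and getting a cryptic error.
gen_nat_rules() {
    list="$1"; bad=0; n=0
    # Redirect into the loop rather than "cat | while": a pipe would run the
    # loop in a subshell and lose the counters on many shells.
    while IFS= read -r line || [ -n "$line" ]; do
        mac="${line%%#*}"                        # strip trailing comments
        mac=$(printf '%s' "$mac" | tr -d ' \t')  # and surrounding whitespace
        [ -z "$mac" ] && continue
        if ! valid_mac "$mac"; then
            echo "skipping invalid MAC entry: $line" >&2
            bad=$((bad + 1)); continue
        fi
        # mac match is valid here: the packet arrives from the LAN interface
        $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$NW" \
            -m mac --mac-source "$mac" -j ACCEPT
        n=$((n + 1))
    done < "$list"
    # Return traffic for connections the allowed hosts opened.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # One NAT rule for the whole network; no mac match in POSTROUTING.
    $IPT -t nat -A POSTROUTING -s "$NW" -o "$WAN_IF" -j MASQUERADE
    echo "allowed $n MAC(s), rejected $bad line(s)" >&2
    [ "$bad" -eq 0 ]
}

# Constructed sample list for the dry run: one valid, one malformed entry.
SAMPLE=$(mktemp)
printf '00:11:22:33:44:55  # workstation\nnot-a-mac\n' > "$SAMPLE"
gen_nat_rules "$SAMPLE" || echo "fix the list before loading the rules" >&2
rm -f "$SAMPLE"
```

Run it with IPT=/sbin/iptables once the dry-run output looks right; note that a MAC list only identifies a device on the local segment and is not authentication, so the admin-only INPUT rules should not rely on it.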