Need Help for Firewall

ebiz_sohail
Cadet
Posts: 10
Joined: Wed Jan 12, 2005 11:43 pm
Location: Lahore, Pakistan.

Need Help for Firewall

Post by ebiz_sohail »

Asslam-0-Alykum to All,
I'm Sohail. I was working in Lahore on Cable Net with Linux 9 and Fedora Core 3, but now I'm in Dubai, and here hardware is available for Linux machines, such as switches and modems for the Linux OS. Now I'm confused, because I work with Linux with a firewall that has its Internet connection on an XP machine, and I connect my Linux eth1 LAN to the XP Ethernet card. The firewall I'm pasting here:



echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F

modprobe ip_nat_ftp
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t nat -A PREROUTING -p tcp --dport 135 -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 445 -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 139 -j DROP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

iptables -t nat -A POSTROUTING -p tcp --dport 4900:65535 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -p udp --dport 4900:65535 -o eth1 -j MASQUERADE

iptables -t nat -A POSTROUTING -p tcp --dport 1:900 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -p udp --dport 1:900 -o eth1 -j MASQUERADE

iptables -t nat -A POSTROUTING -p tcp --dport 1863:1863 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -p udp --dport 1863:1863 -o eth1 -j MASQUERADE


iptables -t nat -A POSTROUTING -p tcp --dport 21 -o eth1 -j MASQUERADE #FTP
iptables -t nat -A POSTROUTING -p tcp --dport 25 -o eth1 -j MASQUERADE #smtp
iptables -t nat -A POSTROUTING -p tcp --dport 80 -o eth1 -j MASQUERADE #WWW
iptables -t nat -A POSTROUTING -p tcp --dport 110 -o eth1 -j MASQUERADE #pop
iptables -t nat -A POSTROUTING -p udp --dport 123 -o eth1 -j MASQUERADE #NTP
iptables -t nat -A POSTROUTING -p tcp --dport 443 -o eth1 -j MASQUERADE #SSL
iptables -t nat -A POSTROUTING -p tcp --dport 1863 -o eth1 -j MASQUERADE #MSN
iptables -t nat -A POSTROUTING -p tcp --dport 5000 -o eth1 -j MASQUERADE #INSTA, UFONE
iptables -t nat -A POSTROUTING -p tcp --dport 5001 -o eth1 -j MASQUERADE #YAHOO CHAT
iptables -t nat -A POSTROUTING -p tcp --dport 5005 -o eth1 -j MASQUERADE #PAKTEL
iptables -t nat -A POSTROUTING -p tcp --dport 5050 -o eth1 -j MASQUERADE #YAHOO
iptables -t nat -A POSTROUTING -p tcp --dport 5100 -o eth1 -j MASQUERADE #YAHOO CAM
iptables -t nat -A POSTROUTING -p tcp --dport 6660:6670 -o eth1 -j MASQUERADE #MIRC
iptables -t nat -A POSTROUTING -p tcp --dport 7000 -o eth1 -j MASQUERADE #MIRC
iptables -t nat -A POSTROUTING -p tcp --dport 28805 -o eth1 -j MASQUERADE #MSN GAME
iptables -t nat -A POSTROUTING -p tcp --dport 51215 -o eth1 -j MASQUERADE #MOBILINK

_________________________________________________
My question is: how can I configure the firewall for a Linux machine which has a direct Internet connection from Etisalat (the Dubai phone and Internet providing company)? Or simply, Linux has the modem or DSL installed; what kind of changes do I have to make in my firewall? I hope I explained my confusion. Waiting for a reply,

Best Regards,

Sohail Akrim
ebiz_sohail@hotmail.com
...
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi

Re:

Post by LinuxFreaK »

Dear ebiz_sohail,
Salam,

Just change the interface address. It should look like this!


echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F

modprobe ip_nat_ftp
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t nat -A PREROUTING -p tcp --dport 135 -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 445 -j DROP
iptables -t nat -A PREROUTING -p tcp --dport 139 -j DROP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

iptables -t nat -A POSTROUTING -p tcp --dport 4900:65535 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -p udp --dport 4900:65535 -o eth0 -j MASQUERADE

iptables -t nat -A POSTROUTING -p tcp --dport 1:900 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -p udp --dport 1:900 -o eth0 -j MASQUERADE

iptables -t nat -A POSTROUTING -p tcp --dport 1863:1863 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -p udp --dport 1863:1863 -o eth0 -j MASQUERADE


iptables -t nat -A POSTROUTING -p tcp --dport 21 -o eth0 -j MASQUERADE #FTP
iptables -t nat -A POSTROUTING -p tcp --dport 25 -o eth0 -j MASQUERADE #smtp
iptables -t nat -A POSTROUTING -p tcp --dport 80 -o eth0 -j MASQUERADE #WWW
iptables -t nat -A POSTROUTING -p tcp --dport 110 -o eth0 -j MASQUERADE #pop
iptables -t nat -A POSTROUTING -p udp --dport 123 -o eth0 -j MASQUERADE #NTP
iptables -t nat -A POSTROUTING -p tcp --dport 443 -o eth0 -j MASQUERADE #SSL
iptables -t nat -A POSTROUTING -p tcp --dport 1863 -o eth0 -j MASQUERADE #MSN
iptables -t nat -A POSTROUTING -p tcp --dport 5000 -o eth0 -j MASQUERADE #INSTA, UFONE
iptables -t nat -A POSTROUTING -p tcp --dport 5001 -o eth0 -j MASQUERADE #YAHOO CHAT
iptables -t nat -A POSTROUTING -p tcp --dport 5005 -o eth0 -j MASQUERADE #PAKTEL
iptables -t nat -A POSTROUTING -p tcp --dport 5050 -o eth0 -j MASQUERADE #YAHOO
iptables -t nat -A POSTROUTING -p tcp --dport 5100 -o eth0 -j MASQUERADE #YAHOO CAM
iptables -t nat -A POSTROUTING -p tcp --dport 6660:6670 -o eth0 -j MASQUERADE #MIRC
iptables -t nat -A POSTROUTING -p tcp --dport 7000 -o eth0 -j MASQUERADE #MIRC
iptables -t nat -A POSTROUTING -p tcp --dport 28805 -o eth0 -j MASQUERADE #MSN GAME
iptables -t nat -A POSTROUTING -p tcp --dport 51215 -o eth0 -j MASQUERADE #MOBILINK
Best Regards.
Farrukh Ahmed
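
Added example, not part of either post above: a generator for the same gateway setup in `iptables-restore` format, with the Internet-facing interface as a parameter. It goes beyond the posted scripts by setting default-deny policies (the posted scripts set none) and using one MASQUERADE rule in place of the per-port list. The function names `gen_rules` and `valid_if`, and the interface names `ppp0` (the usual name for a PPPoE DSL or dial-up link) and `eth0` for the LAN, are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a gateway whose
# Internet link terminates on the Linux box. Interface names are assumptions.

valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;   # empty or unexpected characters
        *) return 0 ;;
    esac
}

gen_rules() {
    wan=$1 lan=$2
    valid_if "$wan" && valid_if "$lan" || { echo "bad interface name" >&2; return 1; }
    [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Transparent proxy: only LAN clients are redirected to the local proxy on 8080
-A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-ports 8080
# One rule replaces the per-port MASQUERADE list; filtering happens in FORWARD
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -p tcp --dport 8080 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Keep Windows RPC/SMB from leaving the LAN (the ports the posted script drops)
-A FORWARD -p tcp -m multiport --dports 135,139,445 -j DROP
-A FORWARD -i $lan -o $wan -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the assumed interface pair when run directly
gen_rules "${1:-ppp0}" "${2:-eth0}"
```

To load it, pipe the output into `iptables-restore` as root after reviewing it; `ip_forward` and the `ip_nat_ftp` module still have to be enabled as in the posted scripts.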