Thread: IPTABLES help & Remote Administration

  1. #11
    Junior Member
    Join Date
    May 2002
    Posts
    89

    Re:IPTABLES help & Remote Administration

    Hi
    I don't really understand the NEED for the options posted before by tolsoy.

  2. #12

    Re:IPTABLES help & Remote Administration

    I'll better explain why you need these options by going through exactly what your script currently does--

    # this line here turns on ip_forwarding, in other words, makes this box a router
    echo 1 > /proc/sys/net/ipv4/ip_forward

    # this line flushes any rules that may exist. So far so good.
    iptables --flush

    # this flushes any nat tables that might have been built. Still good.
    iptables --table nat --flush

    # Now here is a problem: this line deletes user defined chains that you have not and do not define
    iptables --delete-chain

    # same as above
    iptables --flush --delete-chain

    # this turns on natting
    iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE

    # this adds a rule to forward traffic, but it seems incomplete since it accommodates traffic bound only at eth0. AFAIK, you must accommodate inbound and outbound traffic. In other words, traffic from the LAN to the WAN and vice versa. I think this line only works on your box because your computer is accepting all connections by default.
    iptables --append FORWARD --in-interface eth0 -j ACCEPT

    Now, so far, you don't have a firewall. Because you have not defined a default DROP policy, this box will accept all packets destined to it, and to be forwarded through it, by default. The only thing that somewhat protects your LAN is that this box is NATTING its connection. But this is not really a good defense. So far, all you have here is a router.

    The need for the options comes from the fact that the goal is a firewall. Without INPUT, OUTPUT or FORWARDING rules you do not have a firewall. Right now this script is making zero decisions on what to do with a packet based upon any sort of criteria. Hence, this is not a firewall. Have I mentioned that already?

    I'll admit, what I typed up may not be 100% correct as I did it in about five minutes before I left for work. But the syntax is correct enough to show you how to write a basic firewall rule.

    I'm going to put a line in code, then in plain English so you can see how iptables syntax works:
    Code:
    iptables -A INPUT -i $external_interface -p tcp --destination-port 80 -j ACCEPT
    This translates, roughly, to:

    Add a rule to any existing rules (append) I may have already created that will accept tcp input destined for port 80 on my computer's external network card, from anywhere on the internet.

    -A = append
    -i = the interface traffic is flowing into
    -p = protocol
    -j = what to do with the packet: ACCEPT, DROP, or LOG
    $external_interface = a variable to be set for whatever your interface is: eth0, eth1, etc.

    You would want such a rule because your computer should be dropping everything not explicitly allowed by default. To do this, you need to set up a default policy as such:
    Code:
    iptables -P INPUT DROP
    I don't want to be rude and shout RTFM, but in this case I think you really need to. Between this and other posts it seems that you want to build a firewall without actually understanding how to build a firewall. This is putting the cart before the horse. I would browse the netfilter website. Read the man pages. Buy a book. Read a HOWTO.
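
The gap post #12 describes (no default DROP policy, forwarding handled in one direction only), closed in a single ruleset. This is an added example, not code from any poster in the thread. It assumes eth0 is the LAN side and eth1 the WAN side, as in the script discussed above; the function names, the open OUTPUT policy and the conntrack match are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes eth0 = LAN, eth1 = WAN as in the
# script discussed above; OUTPUT is left open, which is an assumption.

# Accept only plain interface names so nothing else reaches the shell.
valid_if() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the commands for a default-DROP NAT gateway.
# $1 = LAN interface, $2 = external (WAN) interface.
gateway_rules() {
    lan_if=$1
    external_interface=$2
    if ! valid_if "$lan_if" || ! valid_if "$external_interface" ||
       [ "$lan_if" = "$external_interface" ]; then
        echo "usage: gateway_rules LAN_IF WAN_IF (two distinct names)" >&2
        return 1
    fi
    cat <<EOF
# Start clean, then drop anything no rule below accepts.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Traffic to the box itself: loopback, replies, and the port 80 rule from the post.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $external_interface -p tcp --destination-port 80 -j ACCEPT
# LAN to WAN is allowed; WAN to LAN only as replies to those connections.
iptables -A FORWARD -i $lan_if -o $external_interface -j ACCEPT
iptables -A FORWARD -i $external_interface -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface $external_interface -j MASQUERADE
# Enable routing last, once the rules are in place.
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}
```

Calling `gateway_rules eth0 eth1` prints the commands for review; piping that output to `sh` as root applies them.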

  3. #13
    Junior Member
    Join Date
    May 2002
    Posts
    89

    Re:IPTABLES help & Remote Administration

    Humm...
    I think I've been spending too much time on the forums and have started to use other people's minds (damn exams). Me sorry. I'll go use my own mind for a while.

    Don't forget. Thanks for your help.
