LiquidBeef
12-11-2003, 09:24 PM
I am setting up a firewall/NAT type of server and I wanted it to be verified or error checked before I set it up. What I want it to do is block all incoming SYN requests except for port 80, which I want forwarded to another machine, 192.168.0.10. It will also serve as a NAT gateway to the internet for a network of computers.
Here is what I have:
# eth1 faces the internet, eth0 the LAN. Fixes: targets are DROP (not drop),
# the policy is DROP (DENY is ipchains syntax), --syn is TCP-only, ip_forward
# was misspelled, and ipnatctl is replaced by the iptables nat table.
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --syn ! --dport 80 -j DROP
iptables -A INPUT -i eth1 -p udp -m state --state NEW -j DROP
iptables -A INPUT -i eth1 -p icmp -m state --state NEW -j DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -A FORWARD -i eth0 -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j ACCEPT
# Only replies to LAN-initiated connections come back in; the original rule
# accepted everything from eth1 to the LAN, which defeats the "block all incoming" goal.
iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -d 192.168.0.10 -p tcp --dport 80 -j ACCEPT
# Port 80 from the internet is rewritten to the web server, then the LAN is masqueraded behind eth1
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.10
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j MASQUERADE
Your help would be appreciated :)
Also, I want to set up this computer as the DNS server through DHCP, but I want all the DNS requests to be forwarded to an online DNS server. How would I do this?
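A lint pass for a rules script of the kind posted above, added here as an example (it is not from the original post). It assumes eth1 is the internet-facing interface and that the commands are fed one per line on stdin; it reports the error-checks asked for (wrong target case, ipchains-style DENY, --syn on non-TCP, the ip_forward typo, obsolete ipnatctl, misplaced negation) plus the one security check that matters most: an inbound FORWARD accept that is not limited to reply traffic or a single port.

```shell
# Added example: lint a rules script (one command per line on stdin) for the
# mistakes discussed above. Prints each finding; returns their count (0 = clean).
flag() { echo "$1: $line"; problems=$((problems + 1)); }
check_rules() {
  problems=0
  while IFS= read -r line; do
    case "$line" in
      *"-j drop"*|*"-j accept"*|*"-j reject"*)
        flag "target names are case-sensitive (DROP/ACCEPT/REJECT)" ;;
    esac
    case "$line" in
      *"-P "*" DENY"*) flag "DENY is an ipchains policy, iptables uses DROP" ;;
    esac
    case "$line" in
      *"-p tcp"*"--syn"*|*"--syn"*"-p tcp"*) ;;
      *"--syn"*) flag "--syn is TCP-only, use -m state --state NEW" ;;
    esac
    case "$line" in
      *ip_foward*) flag "sysctl typo, the key is ip_forward" ;;
    esac
    case "$line" in
      ipnatctl*) flag "ipnatctl is obsolete, use iptables -t nat (MASQUERADE/DNAT)" ;;
    esac
    case "$line" in
      *"--destination-port ! "*|*"-s ! "*|*"-d ! "*)
        flag "negation goes before the option (! --dport, ! -s, ! -d)" ;;
    esac
    # Security check: an inbound FORWARD accept (eth1 is assumed to be the
    # internet side) not limited to reply traffic or one port exposes the whole LAN.
    case "$line" in
      *"-A FORWARD"*"-i eth1"*"-j ACCEPT"*)
        case "$line" in
          *"--state"*|*"--ctstate"*|*"--dport"*|*"--destination-port"*) ;;
          *) flag "accepts all inbound forwarded traffic, limit to ESTABLISHED,RELATED or a port" ;;
        esac ;;
    esac
  done
  return "$problems"
}
```

Run it as `check_rules < firewall.sh`; a non-zero exit status is the number of findings, so it slots into a pre-deploy check.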