I have a firewall script. It provides NAT and allows clients to visit only 3 sites plus the DNS servers.

On the client machine the 1st site (www.debian.org) can be viewed, but the other two sites have problems: the browser displays only the title bar; in other words, the page is displayed partially. Note that the other two sites are in Chinese.

After I uncomment two commands (which reduce security), the two sites can be viewed.

It seems to me that the problem is specific to etch (kernel 2.6). The script works fine for the two sites in sarge (kernel 2.4).

Below is my firewall script:
#!/bin/sh
#
# rc.firewall-iptables

FWVER=0.76
echo -e "\n\nLoading simple rc.firewall-iptables version $FWVER..\n"

IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

# DNS servers and the three sites clients may reach
DNS1="219.233.241.166"
DNS2="211.167.97.67"
SITE1="www.debian.org"
SITE2="trade.gtja.com"
SITE50="ebank.spdb.com.cn"

EXTIF="eth1"
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"

echo -en " loading modules: "
echo " - Verifying that all kernel modules are ok"
$DEPMOD -a
echo "----------------------------------------------------------------------"
echo -en "ip_tables, "
$MODPROBE ip_tables
echo -en "ip_conntrack, "
$MODPROBE ip_conntrack
echo -en "iptable_nat, "
$MODPROBE iptable_nat
echo "----------------------------------------------------------------------"
echo -e " Done loading modules.\n"

echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

# Default policy DROP on INPUT, OUTPUT and FORWARD; flush existing rules
echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT DROP
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT DROP
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

# Commented out: accept all traffic to and from the firewall host itself
#$IPTABLES -A INPUT -j ACCEPT
#$IPTABLES -A OUTPUT -j ACCEPT

# Forward traffic to and from the DNS servers
$IPTABLES -A FORWARD -s $DNS1 -j ACCEPT
$IPTABLES -A FORWARD -d $DNS1 -j ACCEPT
$IPTABLES -A FORWARD -s $DNS2 -j ACCEPT
$IPTABLES -A FORWARD -d $DNS2 -j ACCEPT

# Let the firewall host itself exchange traffic with the DNS servers
$IPTABLES -A INPUT -s $DNS1 -j ACCEPT
$IPTABLES -A INPUT -s $DNS2 -j ACCEPT
$IPTABLES -A OUTPUT -d $DNS1 -j ACCEPT
$IPTABLES -A OUTPUT -d $DNS2 -j ACCEPT

# Forward traffic to and from the three allowed sites
$IPTABLES -A FORWARD -s $SITE1 -j ACCEPT
$IPTABLES -A FORWARD -d $SITE1 -j ACCEPT
$IPTABLES -A FORWARD -s $SITE2 -j ACCEPT
$IPTABLES -A FORWARD -d $SITE2 -j ACCEPT
$IPTABLES -A FORWARD -s $SITE50 -j ACCEPT
$IPTABLES -A FORWARD -d $SITE50 -j ACCEPT

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo -e "\nrc.firewall-iptables v$FWVER done.\n"