Daniel Pielmeier wrote:
>> I used this script a long time ago. It worked until iptables got
>> changed. It still worked but it gave a few errors. Maybe some guru can
>> look at this and update it for us both. Then maybe I can get someone to
>> upgrade the script on the site. I had to edit the very first bit about
>> which interface is what. Here it is:
>
> I have tested your script! Do you get an error like this:
> iptables v1.3.5: unknown protocol `ssh' specified
>
> I am not sure if it is right but I have replaced this line
>
> $IPTABLES -A INPUT --protocol ssh --dport 22 -j ACCEPT
> by
> $IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
>
> and the error disappears.
>
> For me using these iptables rules didn't work, I still can't ping the
> internet from my desktop and also get the error message from the
> ntp-client on my desktop.
>
> Any other suggestions!
>
> Here is how I changed the script to fit my needs!
>
> #!/bin/bash
>
> IPTABLES='/sbin/iptables'
>
> # Set interface values
> EXTIF='ppp0'
> #INTIF0='eth0'
> INTIF1='eth0'
> INTIF2='eth1'
>
> # enable ip forwarding in the kernel
> /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
>
> # flush rules and delete chains (the nat table has to be flushed
> # separately, otherwise a MASQUERADE rule is added on every run)
> $IPTABLES -F
> $IPTABLES -X
> $IPTABLES -t nat -F
>
> # enable masquerading to allow LAN internet access
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
>
> # forward LAN traffic from $INTIF1 to Internet interface $EXTIF
> $IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
>
> # forward LAN traffic from $INTIF2 to Internet interface $EXTIF
> $IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
>
> #echo -e " - Allowing access to the SSH server"
> $IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
>
> #echo -e " - Allowing access to the HTTP server"
> $IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT
>
> # block out all other Internet access on $EXTIF
> $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,INVALID -j DROP
> $IPTABLES -A FORWARD -i $EXTIF -m state --state NEW,INVALID -j DROP
Are you on dial-up too? The EXTIF='ppp0' may need to be eth0 for you if
you are using a DSL or cable connection. I'm not real sure about any of
this stuff really. I need to get a book on iptables and a whole lot of
other things too. Because of my health I can't sit at the puter long
enough to learn anything. I can read a book in bed then.

I'll see if I can think of something else. Maybe some guru can help us
both out. I need that to work too.

Hmm, come to think of it, I have a thread on the forums. Try this:

http://forums.gentoo.org/viewtopic-t-249167-highlight-iptables.html

That may help. I tend to ramble a bit. Sorry.

Dale

:-) :-) :-)

--
www.myspace.com/dalek1967
--
gentoo-user@gentoo.org mailing list
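The quoted script relies on the filter chains keeping their default ACCEPT policy and only drops NEW/INVALID packets arriving on the external interface, so nothing explicitly lets reply traffic (ping echo-replies, NTP answers) back to the LAN once the policies are tightened. The following is an added example, not code from the thread: a POSIX shell function that builds the same NAT gateway as an iptables-restore ruleset with default-deny INPUT/FORWARD policies and explicit ESTABLISHED,RELATED return rules. The interface names (ppp0, eth0, eth1) and the open ports 22 and 80 are taken from the script above; the function name is this example's own.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a masquerading gateway.
# Usage: build_ruleset EXTIF LANIF [LANIF...]
# "-m state" matches the iptables 1.3.x era of the thread; on current
# kernels "-m conntrack --ctstate" is the equivalent match.
build_ruleset() {
    extif="$1"; shift
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # masquerade everything leaving the Internet-facing interface
    printf '%s\n' "-A POSTROUTING -o $extif -j MASQUERADE" 'COMMIT'
    # default-deny for traffic to and through the gateway
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]'
    # return traffic first: this is what lets ping replies and NTP
    # answers reach the LAN hosts behind the gateway
    printf '%s\n' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m state --state INVALID -j DROP' \
        '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A FORWARD -m state --state INVALID -j DROP'
    # services reachable from the Internet; "--protocol ssh" is not a
    # valid protocol, ssh and http are TCP ports
    for port in 22 80; do
        printf '%s\n' "-A INPUT -i $extif -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # each LAN interface may talk to the gateway and start new
    # connections towards the Internet, nothing else is forwarded
    for lan in "$@"; do
        printf '%s\n' "-A INPUT -i $lan -j ACCEPT" \
            "-A FORWARD -i $lan -o $extif -m state --state NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Apply as root with:  sysctl -w net.ipv4.ip_forward=1 &&
#   build_ruleset ppp0 eth0 eth1 | iptables-restore
# Printed here so the ruleset can be reviewed before loading it.
build_ruleset ppp0 eth0 eth1
```

iptables-restore replaces the whole table in one atomic step, so rerunning it never accumulates duplicate MASQUERADE rules the way repeated `-A` calls without a nat flush do.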