I would change that 'INPUT ACCEPT' to DROP or else the firewall really isn't a firewall since it will accept anything.
-----Original Message-----
From: Alexey Fadyushin [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 31, 2003 11:42 AM
To: [EMAIL PROTECTED]
Subject: Re: IP tables help

I think that the following configuration will help. Put the following lines in /etc/sysconfig/iptables:

*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source <YOUR EXTERNAL ADDRESS HERE>
COMMIT
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --destination-port ssh,http,ftp,ftp-data,smtp -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -i eth0 -o eth1 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -j DROP
COMMIT

Alexey Fadyushin
Brainbench MVP for Linux
http://www.brainbench.com

Rudik Amirjanyan wrote:
>
> Hello
> In my small office we have local lan 192.168.1.0 and we have put a RH9 as a
> router, and want to masquerade the local IP addresses of the network. The
> server has 2 interfaces, eth0 with global IP address, and eth1 192.168.1.1.
> We want to open only ssh, ftp, www, mail, ports from outside, and everywhere
> from local lan.
> We have set up iptables, but do not know how to make it work. The question
> is,
> what entries must be in the /etc/sysconfig/iptables file to work the
> firewall properly.
> Any help is appreciated.
>
> Thanks.
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]
> https://www.redhat.com/mailman/listinfo/redhat-list
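
Added example, not part of the thread and not code from any poster: a small Python check that reads the iptables-restore ruleset posted above and reports, for each chain, whether an unmatched packet is decided by the chain policy or by an earlier unconditional rule. The SNAT address 203.0.113.10 is a constructed placeholder and the function names are this example's own.

```python
import shlex

# Ruleset as posted in the thread; 203.0.113.10 is a constructed placeholder
# standing in for the external address.
RULESET = """\
*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m multiport --destination-port ssh,http,ftp,ftp-data,smtp -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -i eth0 -o eth1 -d 192.168.1.0/24 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
-A FORWARD -j DROP
COMMIT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def default_verdicts(ruleset):
    """Map (table, chain) -> (policy, catch_all_target, effective_default)."""
    policy, catch_all, table = {}, {}, None
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, pol = line[1:].split()[:2]
            policy[(table, chain)] = pol
        elif line.startswith("-A "):
            _, chain, *rest = shlex.split(line)
            # "-j TARGET" with no match options matches every packet, so
            # later rules and the chain policy are never reached.
            if len(rest) >= 2 and rest[0] == "-j" and rest[1] in TERMINAL:
                catch_all.setdefault((table, chain), rest[1])
    return {k: (p, catch_all.get(k), catch_all.get(k, p)) for k, p in policy.items()}

def falls_through_to_accept(ruleset, table="filter"):
    """Chains in `table` where an unmatched packet ends up ACCEPTed."""
    return sorted(c for (t, c), v in default_verdicts(ruleset).items()
                  if t == table and v[2] == "ACCEPT")

if __name__ == "__main__":
    print(default_verdicts(RULESET), falls_through_to_accept(RULESET))
```

Run against a copy of the ruleset with the final `-A INPUT -j REJECT` line removed, the same check lists INPUT as falling through to ACCEPT, which is the case where the chain policy becomes the deciding verdict.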