Urgently ! need help about iptable and internet gateway/firewall

 
 
Pratchaya
Guest
Posts: n/a

 
      01-24-2006, 09:02 PM
Hi,

I need your help with an internet gateway (firewall: iptables).
I entered the commands below, but I can't use my computer on the local
network to access the internet
(web browser + MSN).

My objectives:
1. Only the computer with IP 192.168.0.111 may use web + MSN
(no other connections allowed, such as FlashGet/GetRight/BitTorrent)
2. No other computers are permitted to use the internet at all

Can anyone help me?
Thank you very much
Pratchaya


######################

My Network Diagram.

ADSL Router <===> { eth1::: My Server :::: eth0 <===> Local network (192.168.0.xx)

################## My command line ############################
/sbin/service iptables stop

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.111 -p tcp --dport 3128 -j ACCEPT

service iptables save
################## End My command line ############################



################## Result 1 ############################
[root@firewall ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.0.111 anywhere tcp dpt:http
ACCEPT tcp -- 192.168.0.111 anywhere tcp dpt:1863
ACCEPT tcp -- 192.168.0.111 anywhere tcp dpt:https
ACCEPT tcp -- 192.168.0.111 anywhere tcp dpt:squid

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@firewall ~]#

################## Result 2 ############################
[root@firewall ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 3128

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@firewall ~]#

 
 
 
 
 
Pratchaya
Guest
Posts: n/a

 
      01-25-2006, 02:13 PM
Now I have succeeded.

My Command line
===============

service iptables stop
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -m multiport -p tcp --dport 53,80,110,143,443,993,995,3128 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -m multiport -p udp --dport 53,110,143,993,995,1863 -j ACCEPT
service iptables save


===============
My Iptable List
===============

[root@firewall ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.0.0/24 anywhere multiport dports domain,http,pop3,imap,https,imaps,pop3s,squid
ACCEPT udp -- 192.168.0.0/24 anywhere multiport dports domain,pop3,imap,imaps,pop3s,1863

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@firewall ~]#

===============
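
The first post's objective (only 192.168.0.111 may use web and MSN, nothing else forwarded) written out as rules, as an added example that is not part of the thread or either post. Because REDIRECT rewrites port-80 traffic to the gateway's own Squid port, that traffic is filtered in INPUT rather than FORWARD, so the proxy port is restricted there as well. Assumptions: clients resolve DNS through an external resolver, and the `gateway_rules` function and the `IPT` dry-run variable are names made up for this example.

```shell
#!/bin/sh
# Added example. Dry run by default: each rule is printed for review.
# To apply for real, run as root with IPT=iptables in the environment.
IPT=${IPT:-echo iptables}   # hypothetical dry-run switch
LAN_IF=eth0                 # LAN side, from the post's diagram
WAN_IF=eth1                 # ADSL router side
PROXY_PORT=3128             # Squid port used in the post

# gateway_rules HOST: rules that let exactly one LAN client out (hypothetical helper)
gateway_rules() {
    host=$1

    # NAT: masquerade outbound traffic; redirect only HOST's HTTP to the proxy.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$host" -p tcp --dport 80 \
         -j REDIRECT --to-port "$PROXY_PORT"

    # Redirected HTTP is now addressed to the gateway itself, so it is seen by
    # INPUT, never by FORWARD. Allow the proxy port for HOST and drop it for
    # every other LAN client, including clients configured to use it directly.
    $IPT -A INPUT -i "$LAN_IF" -s "$host" -p tcp --dport "$PROXY_PORT" -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -p tcp --dport "$PROXY_PORT" -j DROP

    # Routed traffic: default deny, allow replies, then per-service allows.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # HTTPS and MSN (tcp 1863, as in the first post) are not proxied.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$host" -p tcp \
         -m multiport --dports 443,1863 -j ACCEPT
    # DNS to an external resolver (assumption); without it name lookups fail.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$host" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$host" -p tcp --dport 53 -j ACCEPT
}

gateway_rules 192.168.0.111
```

Plain HTTP from any other LAN address is not redirected, reaches FORWARD, and falls through to the DROP policy.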

 