Router + Linux as firewall and proxy

Name: John P.
Date: July 10, 2002 at 13:57:15 Pacific
Comment:

Hello. First of all, I must congratulate you on this great board!

Here's my problem:
I have a ZyXEL router, a Linux box (Red Hat 7.3 with iptables) and several client machines (+50).

Info:
Router internal IP: 192.168.0.1 255.255.255.0
Linux box internal IP: 192.168.0.2 255.255.255.0

Other PCs: 192.168.0.x

I want to have the Linux box accessing the internet through the router, and the clients accessing the internet through the Linux box.

The router only allows incoming SMTP from my mail server, and I want the internal network to be able to browse HTTP only.

I have set the router as the gateway on my Linux box. My question is this: can I set the iptables rules on the Linux box as if it was directly connected to the internet?

If not, how can I manage to resolve my problem?

Thanks for sharing your knowledge in advance.

Best regards,
John P.



Response Number 1
Name: jerry
Date: July 10, 2002 at 20:03:39 Pacific
Reply:

I think I understand your question.

Yes, you can set the iptables rules to your liking as if it was on the big internet.

Basically, what happens between your Linux box and the 50 PCs is your choice.

Hope this answers your question.


Response Number 2
Name: Omid Hosseini
Date: July 10, 2002 at 21:27:56 Pacific
Reply:

Hello,
If you want to enable all PCs to connect to the internet via the Linux box,
set iptables like below:

#
# Deny Firewall
#

/sbin/iptables -t nat -F
/sbin/iptables -F

#
# FOR NAT
#

/sbin/iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -j MASQUERADE

Attention:

I use this configuration,
but FTP works only in passive mode.
I also installed the ip_nat_ftp module, but
I still have a problem with FTP NAT when I work on invalid IPs.

Good Luck
Omid Hosseini


Response Number 3
Name: John P.
Date: July 11, 2002 at 13:51:10 Pacific
Reply:

Thanks for your replies, jerry and Hosseini.

As for the FTP, I don't want the users to browse FTP sites, so it doesn't matter much.

I think I'll be using these rules (feel free to comment if you think anything is wrong):

iptables -t nat -A POSTROUTING -d ! 192.168.0.0/24 -j MASQUERADE

iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -s ! 192.168.0.0/24 -j DROP
iptables -A INPUT --protocol udp --source-port 113 -j DROP
iptables -A INPUT --protocol udp --destination-port 113 -j DROP


Hope it makes it!
John
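
An added example, not part of the original posts: a small check that flags FORWARD ACCEPT rules with no port or state match, run over the FORWARD rules proposed above and over a default-deny HTTP-only alternative. The interface name eth0, the DNS allowance on UDP 53 and the helper function names are assumptions; the script only prints rules and never calls iptables.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing here calls iptables; it only prints text.

LAN="192.168.0.0/24"   # client network from the original post
OUT_IF="eth0"          # assumption: name of the Linux box's NIC

# FORWARD rules as proposed in the last post (copied from the thread).
proposed_rules() {
    cat <<'EOF'
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -s ! 192.168.0.0/24 -j DROP
EOF
}

# Default-deny alternative: only new HTTP (and DNS, an assumption) from the LAN
# is forwarded; replies come back through the ESTABLISHED,RELATED rule.
# $1 = LAN CIDR, $2 = interface facing the router
http_only_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $1 -p tcp --dport 80 -m state --state NEW -j ACCEPT
iptables -A FORWARD -s $1 -p udp --dport 53 -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE
EOF
}

# Read a ruleset on stdin and print FORWARD ACCEPT rules that match on neither
# a destination port nor connection state, i.e. rules that pass every protocol.
unrestricted_accepts() {
    grep -e '-A FORWARD' | grep -e '-j ACCEPT' | grep -v -e '--dport' -e '--state' || true
}

# Count those rules (0 means no blanket ACCEPT in FORWARD).
count_unrestricted() {
    unrestricted_accepts | grep -c . || true
}

echo "proposed: $(proposed_rules | count_unrestricted) unrestricted FORWARD ACCEPT rule(s)"
echo "http-only: $(http_only_rules "$LAN" "$OUT_IF" | count_unrestricted) unrestricted FORWARD ACCEPT rule(s)"
```

Either ruleset only affects clients whose default gateway is the Linux box (192.168.0.2); because the router sits on the same subnet, a client pointed at 192.168.0.1 bypasses it.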

