local ssh connect
Benjamin Albrecht
bennya@web.de
Thu, 9 Aug 2001 18:49:45 +0100
Hi netfilters,
I resolved the problem from this morning. Now I'm out of breath, because
I try to make my firewall manageable from my workstation. The firewall
is in the cellar, and every 5 min I had to jump down because I've closed
all ports. My configuration:
workstations <--> 16-Port-Switch <--> firewall
The firewall has two NICs, one for the local network and the other to
connect to my DSL provider. My first goal is to sit on my workstation and play with
iptables, but I can't. I tried several configurations with my script,
but I can't connect to the firewall (called drago).
Perhaps someone can tell me my fault.
benjamin
################################################################
# go away or I will replace you with a very small shell-script #
################################################################
# Benjamin Albrecht       # UIN: 68187352                    #
# Mergeläcker 2           # E-mail: bennya@web.de            #
# 75417 Mühlacker         # Linuxuser: 212867                #
# Germany                 # http://www.benjamin-albrecht.de  #
################################################################
Attachment: firewalling
#!/bin/sh
IT="/sbin/iptables"
LAN_IP_RANGE="192.168.168.0/24"
LAN_IP="192.168.168.3"
LOCAL_NIC="eth1"
INET_NIC="eth0"
INET_IFACE="ppp0"
##################################
# DELETE FIREWALL AND NAT CHAINS #
##################################
$IT -X
$IT -F
$IT -t nat -F
$IT -t nat -X
#################################################
# CREATE NEW CHAINS TO FILTER PROVIDER TRAFFIC #
#################################################
$IT -N to_t
$IT -N from_t
#############################
# SET DEFAULT POLICY SECURE #
#############################
$IT -P INPUT ACCEPT
$IT -P OUTPUT ACCEPT
$IT -P FORWARD ACCEPT
#################
# ACTIVATE MASQ #
#################
$IT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
$IT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IT -A FORWARD -i $LOCAL_NIC -j ACCEPT
############################################
# NAT RULES | EXTERNAL MACHINES TO FONTANE #
############################################
$IT -t nat -A PREROUTING -i $INET_IFACE -p tcp --dport 80 -j DNAT --to 192.168.168.1:80
$IT -t nat -A PREROUTING -i $INET_IFACE -p tcp --dport 22 -j DNAT --to 192.168.168.1:22
###################
# TELEKOM TRAFFIC #
###################
$IT -A FORWARD -o $INET_IFACE -j to_t
$IT -A FORWARD -o $LOCAL_NIC -j from_t
###########################################
# ALLOW SPECIFIED WORKSTATION HTTP ACCESS #
###########################################
$IT -A to_t -i $LOCAL_NIC -p TCP --dport 80 -s 192.168.168.8 -j ACCEPT
$IT -A to_t -i $LOCAL_NIC -p TCP --dport 80 -s 192.168.168.10 -j ACCEPT
$IT -A to_t -i $LOCAL_NIC -p TCP --dport 80 -s 192.168.168.15 -j ACCEPT
$IT -A to_t -i $LOCAL_NIC -p TCP --dport 80 -s 192.168.168.16 -j ACCEPT
$IT -A to_t -i $LOCAL_NIC -p TCP --dport 80 -s 192.168.168.18 -j ACCEPT
#################################
# SSH Connection LOCAL to DRAGO #
#################################
$IT -A INPUT -p TCP --dport 22 -s $LAN_IP_RANGE -j ACCEPT
####################################
# DNS from Fontane to Root-Servers #
####################################
$IT -A to_t -i $LOCAL_NIC -p udp --dport 53 -j ACCEPT
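As an added example, not the poster's script: one way to keep SSH management from the LAN working while the INPUT policy defaults to DROP, with the allow rule tied to the LAN interface so a packet arriving on ppp0 with a forged LAN source address cannot match it. Interface names and the LAN range mirror the post; the admin workstation address 192.168.168.8 is an assumption.

```shell
#!/bin/sh
# Added example, not the poster's script: a lockout-safe INPUT chain for a
# netfilter firewall administered over SSH from the LAN. Interface names and
# the LAN range mirror the post; the admin host 192.168.168.8 is assumed.
LAN_NIC="${LAN_NIC:-eth1}"
INET_IFACE="${INET_IFACE:-ppp0}"
LAN_RANGE="${LAN_RANGE:-192.168.168.0/24}"
ADMIN_HOST="${ADMIN_HOST:-192.168.168.8}"
# Dry run unless running as root: commands are printed, not executed.
if [ "$(id -u 2>/dev/null)" = 0 ]; then
    IT="${IT:-/sbin/iptables}"
else
    IT="${IT:-echo /sbin/iptables}"
fi

# Print the INPUT rules in the order they must be applied. The policy is
# opened first and closed last, so the management rule exists before the
# default becomes DROP. The SSH rule is bound to the LAN interface, and
# the anti-spoofing rule drops anything arriving on ppp0 that claims a
# LAN source address, so a forged packet never reaches the SSH rule.
input_rules() {
    cat <<EOF
-P INPUT ACCEPT
-F INPUT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INET_IFACE -s $LAN_RANGE -j DROP
-A INPUT -i $LAN_NIC -s $ADMIN_HOST -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j LOG --log-prefix INPUT-drop:
-P INPUT DROP
EOF
}

# Feed each rule to iptables; stop at the first failure so a typo does not
# leave a half-built chain behind a DROP policy.
apply_input_rules() {
    input_rules | while read -r rule; do
        $IT $rule || exit 1   # unquoted on purpose: split into arguments
    done
}

# Report the 1-based position of the SSH rule (0 if missing), so a
# generated rule set can be checked before it is applied.
ssh_rule_position() {
    n=$(input_rules | grep -n -- '--dport 22' | head -n1 | cut -d: -f1)
    echo "${n:-0}"
}
```

When applying this over an SSH session, start a fallback timer first, e.g. ( sleep 120; /sbin/iptables -P INPUT ACCEPT ) &, and kill it once a fresh SSH login succeeds.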