lookup error
Wayne Topa
wtopa@dmcom.net
Fri, 15 Jun 2001 11:15:01 -0400
Subject: Re: lookup error
Date: Thu, Jun 14, 2001 at 11:12:13PM -0400
In reply to: Wayne Topa
Quoting Wayne Topa (wtopa@dmcom.net):
>
> Subject: lookup error
> Date: Thu, Jun 14, 2001 at 11:24:36PM +0200
>
> In reply to: gabberatski
>
> Quoting gabberatski (gabberatski@freegates.be):
> > Hello, I tried a script from the net, but I can't ping (ECHO_REQUEST denied), and I can't look up a hostname:
> > like I can't do "ping www.tweakers.net"
> >
> > LAN_IP_RANGE="192.168.0.0/24"
> > LAN_IP="192.168.0.1/32"
> > LAN_BCAST_ADRESS="192.168.0.255/32"
> > LOCALHOST_IP="127.0.0.1/32"
> > STATIC_IP="194.236.50.155/32"
> > INET_IFACE="ppp0"
> > LAN_IFACE="eth0"
> > IPTABLES="/usr/local/sbin/iptables"
> >
> >
> > echo "Initializing the firewall..."
> > $IPTABLES -t nat -F
> > $IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
> >
> > $IPTABLES -P INPUT ACCEPT
> > $IPTABLES -P OUTPUT ACCEPT
> > #$IPTABLES -P FORWARD DROP
> >
> > $IPTABLES -A FORWARD -i $INET_IFACE -o $LAN_IFACE -p tcp --dport 20000:20030 -j
> > $IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p tcp --dport 20000:20030 -j DNAT
> > $IPTABLES -A INPUT -j LOG --log-level=info
> >
> >
> >
> > $IPTABLES -N icmp_packets
> > $IPTABLES -N tcp_packets
> > $IPTABLES -N udpincoming_packets
> >
> > #TCP connection
> > $IPTABLES -N allowed
> Shouldn't this be ^^ tcp_packets?
> > $IPTABLES -A allowed -p TCP --syn -j ACCEPT
> > $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
> > $IPTABLES -A allowed -p TCP -j DROP
Sorry, I replied before reading the whole script twice.
You have created the forward chain twice; I don't know what that would do.
OK, the above chain is forward and the one below it should be
icmp_packets (-A icmp_packets for all the rules).
> >
> > #ICMP rules
> > $IPTABLES -N allowed
> and this icmp_packets
> > $IPTABLES -A allowed -p TCP --syn -j ACCEPT
> > $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
> > $IPTABLES -A allowed -p TCP -j DROP
> >
> >
> > #TCP r
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed #ssh
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 23 -j allowed #telnet
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed #http
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 4444 -j allowed #proFTPd
> > $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 8245 -j allowed #proFTPd
> > #UDP rules
> >
> > $IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
> > $IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 123 -j ACCEPT
> > $IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 2074 -j ACCEPT
> > $IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 4000 -j ACCEPT
> >
> >
> > #INPUT CHAIN
> >
> > $IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
> > $IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
> > $IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udpincoming_packets
> >
> > $IPTABLES -A INPUT -p ALL -i $LAN_IFACE -d $LAN_BCAST_ADRESS -j ACCEPT
> >
> >
> > $IPTABLES -A INPUT -p ALL -d $LOCALHOST_IP -j ACCEPT
> > $IPTABLES -A INPUT -p ALL -d $LAN_IP -j ACCEPT
> >
> > #OUTPUT CHAIN
> > $IPTABLES -A OUTPUT -p ALL -s $LOCALHOST_IP -j ACCEPT
> > $IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
> >
> >
> >
>
> --
> "... one of the main causes of the fall of the Roman Empire was that,
> lacking zero, they had no way to indicate successful termination of
> their C programs." -- Robert Firth
> _______________________________________________________
>
--
Reference Manual: Object that raises the monitor to eye level. Also
used to compensate for that short table leg.
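The problems the reply points at (a user chain created twice, a -j with nothing after it) can be caught by reading the script as text before it is loaded, which matters because iptables runs each line on its own: the second "-N allowed" fails with "Chain already exists", the script carries on, and the "-A allowed" rules below it are appended to the first chain. The checker below is an added example, not code from the thread or from any iptables project. It expands the NAME="value" variables, parses each iptables line, and reports duplicate chain creation, a -j without a target, a jump to a chain no -N creates, DNAT without --to-destination, and rules in a user chain whose -p protocol can never match given how the chain is entered. SAMPLE is a constructed, abridged copy of the posted script with one line I added (the "-A icmp_packets -p TCP" rule) to show the last check: renaming the second block to icmp_packets but keeping its TCP matches leaves rules that never fire, because that chain is only entered for ICMP. The TARGETS set and the function names are my own assumptions.

```python
import re
import shlex

BUILTIN = {"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}
# Targets iptables provides itself (assumed list, enough for this script);
# any other -j value must name a user chain created earlier with -N.
TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "MASQUERADE", "DNAT", "SNAT"}
ASSIGN = re.compile(r'^([A-Za-z_]\w*)="?([^"]*)"?$')   # NAME="value"
VAR = re.compile(r"\$([A-Za-z_]\w*)")                   # $NAME

def iptables_calls(text):
    """Yield (line_no, argv) for each iptables invocation in a shell script,
    expanding $NAME from the plain NAME="value" assignments seen earlier."""
    env = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        m = ASSIGN.match(line)
        if m:
            env[m.group(1)] = m.group(2)
            continue
        argv = shlex.split(VAR.sub(lambda v: env.get(v.group(1), v.group(0)), line))
        if argv and argv[0].rsplit("/", 1)[-1] == "iptables":
            yield n, argv[1:]

def opt(argv, flag):
    """Value after flag: None if the flag is absent, '' if it is the last token."""
    if flag not in argv:
        return None
    i = argv.index(flag)
    return argv[i + 1] if i + 1 < len(argv) else ""

def check_script(text):
    """Return (line_no, message) findings for the script text, sorted by line."""
    calls = list(iptables_calls(text))
    created = {}   # (table, chain) -> line of the -N that created it
    entered = {}   # user chain -> protocols of the rules that jump into it
    findings = []
    for n, argv in calls:            # pass 1: chain creation and chain entry
        table = opt(argv, "-t") or "filter"
        chain = opt(argv, "-N")
        if chain and (table, chain) in created:
            findings.append((n, f"chain {chain} already created on line "
                                f"{created[table, chain]}: this -N fails with 'Chain "
                                "already exists' and later -A rules join the first one"))
        elif chain:
            created[table, chain] = n
        target = opt(argv, "-j")
        if target and target not in TARGETS:
            entered.setdefault(target, set()).add((opt(argv, "-p") or "ALL").upper())
    for n, argv in calls:            # pass 2: every appended rule
        table = opt(argv, "-t") or "filter"
        chain = opt(argv, "-A")
        if not chain:
            continue
        target = opt(argv, "-j")
        if target == "":
            findings.append((n, "-j has no target"))
        elif target and target not in TARGETS and (table, target) not in created:
            findings.append((n, f"jumps to undefined chain {target}"))
        elif target == "DNAT" and "--to-destination" not in argv:
            findings.append((n, "DNAT needs --to-destination"))
        proto = (opt(argv, "-p") or "ALL").upper()
        via = entered.get(chain, set())
        if via and "ALL" not in via and proto != "ALL" and proto not in via:
            findings.append((n, f"-p {proto} rule in {chain}, but {chain} is only "
                                f"entered for {'/'.join(sorted(via))}; it can never match"))
    return sorted(findings)

# Constructed sample: abridged from the script posted in the thread, plus one
# added "-A icmp_packets -p TCP" line to show the never-matches check.
SAMPLE = """\
IPTABLES="/usr/local/sbin/iptables"
INET_IFACE="ppp0"
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
$IPTABLES -A FORWARD -i $INET_IFACE -o eth0 -p tcp --dport 20000:20030 -j
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p tcp --dport 20000:20030 -j DNAT
$IPTABLES -N icmp_packets
$IPTABLES -N tcp_packets
#TCP connection
$IPTABLES -N allowed
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
#ICMP rules
$IPTABLES -N allowed
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A icmp_packets -p TCP --syn -j ACCEPT
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
$IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udpincoming_packets
"""

if __name__ == "__main__":
    for n, msg in check_script(SAMPLE):
        print(f"line {n}: {msg}")
```

Run against the real script it prints one line per finding; it needs no root and never touches the live firewall, so it can sit in front of the script (or in a CI job) and stop a duplicated -N or a truncated -j from being loaded into the kernel at all.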