iptables, 2 network cards and ADSL w/router
From : marmic
Viewed : 385 times
200 points
Date : 25-05-03 17:45

I have the following setup:

*ADSL modem (Siemens)
*
*
*
**************
*Linksys router*
**************
*
*
* (eth1) IP= ? Well, what should it be?
**************
*Linux RH 7.3 *
**************
* (eth0) IP= 192.168.1.1
*
*
**************
*Ethernet switch*
**************
*
*********************************
* * *
* * *
******* ******* *******
* PC002* * PC003* * PC004* Windows PCs IP = 192.168.1.X X = 2..4
******* ******* *******

How do I set up masquerading and a firewall with iptables/netfilter? Both the Linux server and the Windows machines need Internet access behind the firewall.
I would like to have the router removed, but there is no hurry.
Which IP addresses should the router and eth1 have, respectively?
The 192.168.1.1 network is set up with DNS/HTTPD and Samba and apparently works OK.
Both network cards work and are configured with:
DEVICE='eth0'
BOOTPROTO='none'
BROADCAST='192.168.1.255'
IPADDR='192.168.1.1'
NETMASK='255.255.255.0'
NETWORK='192.168.1.0'
ONBOOT='yes'
GATEWAY='192.168.1.254'
TYPE='Ethernet'
USERCTL='no'
**************** and:
DEVICE='eth1'
BOOTPROTO='none'
BROADCAST='192.168.2.255'
IPADDR='192.168.2.1'
NETMASK='255.255.255.0'
NETWORK='192.168.2.0'
ONBOOT='yes'
TYPE='Ethernet'
USERCTL='no'



/Michael


 
 
Comment
From : linuxrules
Date : 20-06-03 18:38

Hi
I would recommend Shorewall and Webmin.
It is very secure and can do traffic shaping as well as ordinary firewall rules.
Besides, it is secure as h......
Below you can see a log from it with the rules in it.

Jesper



Counters reset Mon Apr 21 20:51:03 CEST 2003

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1408K 197M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
10M 2585M eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
22M 17G eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4540K 4089M eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
4216K 393M eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1408K 197M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
7522K 637M ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
3568K 2596M fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
22M 14G fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain all2all (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
44514 14M common all -- * * 0.0.0.0/0 0.0.0.0/0
27114 11M LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
27114 11M reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain common (5 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
232 18976 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0
4 200 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
19256 3890K REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 reject-with icmp-port-unreachable
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445 reject-with icmp-port-unreachable
53 2516 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
2322 373K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900
3942 1675K DROP all -- * * 0.0.0.0/0 255.255.255.255
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/4
67 3924 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
915 56754 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW
344K 44M DROP all -- * * 0.0.0.0/0 *.*.*.*
10215 1471K DROP all -- * * 0.0.0.0/0 192.168.0.255

Chain dynamic (4 references)
pkts bytes target prot opt in out source destination

Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
4540K 4089M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
4540K 4089M net2all all -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
10M 2585M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
388 40345 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
10M 2585M net2fw all -- * * 0.0.0.0/0 0.0.0.0/0

Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
4216K 393M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
4216K 393M loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
22M 17G dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
758 27880 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
22M 17G loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
21M 14G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
41 1844 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:6129
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2001
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:137
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:138
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:631
1804 162K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:137
16000 3910K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:139
334K 42M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:631
24377 5866K all2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
3152K 2545M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1293 95344 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
415K 51M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain icmpdef (1 references)
pkts bytes target prot opt in out source destination

Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
22M 17G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
30 1347 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
11225 726K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
27348 2363K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:137
21480 5217K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:139
334K 42M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:631
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:6129
1 40 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2001
6 280 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
5 280 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:631
2 88 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:137
2 88 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:138
322 15448 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
1679 80680 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
83 4636 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
5 232 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
14 760 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
17 820 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
2 88 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:109
2 88 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
22298 1070K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
573 27496 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10000
20137 8381K all2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
4102K 388M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3597 146K newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
111K 4746K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2all (2 references)
pkts bytes target prot opt in out source destination
4540K 4089M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
372K 48M common all -- * * 0.0.0.0/0 0.0.0.0/0
8203 644K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
8203 644K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
9923K 2529M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1971 146K newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02
22831 1561K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
108K 5287K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
1078 49300 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
223 13380 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
52 2836 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
997 54956 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
321 14216 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
6236 369K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
372K 48M net2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain newnotsyn (7 references)
pkts bytes target prot opt in out source destination
6932 391K DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain reject (6 references)
pkts bytes target prot opt in out source destination
2567 111K REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
24667 11M REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination



Chain PREROUTING (policy ACCEPT 365K packets, 27M bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 313K packets, 29M bytes)
pkts bytes target prot opt in out source destination
244K 17M eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 352K packets, 37M bytes)
pkts bytes target prot opt in out source destination

Chain eth0_masq (1 references)
pkts bytes target prot opt in out source destination
104K 4434K MASQUERADE all -- * * 192.168.0.0/24 0.0.0.0/0

Chain PREROUTING (policy ACCEPT 50M packets, 30G bytes)
pkts bytes target prot opt in out source destination
43M 25G pretos all -- * * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 40M packets, 24G bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 10M packets, 5458M bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 40M packets, 22G bytes)
pkts bytes target prot opt in out source destination
34M 18G outtos all -- * * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 51M packets, 28G bytes)
pkts bytes target prot opt in out source destination

Chain outtos (1 references)
pkts bytes target prot opt in out source destination
25M 17G TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 TOS set 0x10

Chain pretos (1 references)
pkts bytes target prot opt in out source destination
31M 23G TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 TOS set 0x10
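
Added example (not part of either post above, and not Shorewall's own configuration): a minimal hand-written masquerading ruleset for the layout in the question, emitted in iptables-restore format. It assumes eth1 is the external interface facing the Linksys router and eth0 serves the LAN 192.168.1.0/24; the function name gen_ruleset is hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a two-NIC gateway.
# Assumptions: $1 = external interface (eth1, towards the Linksys router),
#              $2 = internal interface (eth0), $3 = LAN network in CIDR form.

gen_ruleset() {
    # Refuse to emit rules when the two sides cannot be told apart.
    [ $# -eq 3 ] && [ "$1" != "$2" ] || {
        echo "usage: gen_ruleset EXT_IF INT_IF LAN_CIDR" >&2
        return 1
    }
    ext_if=$1; int_if=$2; lan=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address of LAN traffic leaving via the external side
-A POSTROUTING -s $lan -o $ext_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN clients may reach the services on the server (DNS, HTTPD, Samba)
-A INPUT -i $int_if -s $lan -j ACCEPT
# LAN to Internet: new connections go out, only replies come back in
-A FORWARD -i $int_if -o $ext_if -s $lan -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the question's layout. To load it, run as root:
#   gen_ruleset eth1 eth0 192.168.1.0/24 | iptables-restore
#   echo 1 > /proc/sys/net/ipv4/ip_forward   # routing must also be enabled
gen_ruleset eth1 eth0 192.168.1.0/24
```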

This question has been cancelled, so it is not possible to add more comments.