iptables first attempt

By LuckyPhoenix365
in Smart Home, Network & Security

 Share

Recommended Posts

Neowinian

LuckyPhoenix365

Posted
Posted

Hi Guys

I'm having a go at setting up a internet gateway myself. My configuration seems to work fine, but was just curious if I'd done anything obviously stupid or omitted something important? The main thing I was going for is that nothing should be incoming other than ftp,http and https to 10.0.0.24, and that the box should provide normal internet access for all the computers on my LAN. eth0 is my connection to the internet and eth1 is my LAN.

Thanks

# Generated by iptables-save v1.4.12 on Mon Feb 18 12:28:57 2013

*filter

:INPUT ACCEPT [986:236399]

:FORWARD ACCEPT [61:9702]

:OUTPUT ACCEPT [1446:199609]

-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable

-A INPUT -i eth0 -j DROP

-A INPUT -i lo -j ACCEPT

-A FORWARD -d 10.0.0.24/32 -p tcp -m tcp --dport 80 -j ACCEPT

-A FORWARD -d 10.0.0.24/32 -p tcp -m tcp --dport 21 -j ACCEPT

-A FORWARD -d 10.0.0.24/32 -p tcp -m tcp --dport 443 -j ACCEPT

-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

-A FORWARD -i eth1 -o eth0 -j ACCEPT

-A FORWARD -j LOG

COMMIT

# Completed on Mon Feb 18 12:28:57 2013

# Generated by iptables-save v1.4.12 on Mon Feb 18 12:28:57 2013

*nat

:PREROUTING ACCEPT [7085:1080699]

:INPUT ACCEPT [215:56651]

:OUTPUT ACCEPT [1349:87741]

:POSTROUTING ACCEPT [53:3236]

-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.24:80

-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.24:443

-A PREROUTING -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 10.0.0.24:21

-A POSTROUTING -o eth0 -j MASQUERADE

COMMIT

# Completed on Mon Feb 18 12:28:57 2013

Link to comment
https://www.neowin.net/forum/topic/1137116-iptables-first-attempt/
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Instagram now lets you manually reorder posts on your profile grid

      By PeterTHX · Posted

      I just want to know why the volume control feature in the browser version keeps appearing then disappearing, here today - gone tomorrow. Now it's gone again. Annoying as hell.
    • U.S. delegation throws away all burner phones and gifts from China before takeoff

      By PeterTHX · Posted

      When you have only lies and blood libels to present, you've lost. And how hard is it for you to look up BBC and AP? You hate Jews, just admit it.
    • Claude on Windows is eating up massive amounts of RAM, with no way to stop it

      By TheGhostPhantom · Posted

      This article does not make sense and it’s very evident, the bug wasn’t confirmed to exist, because the application itself runs on editions of Windows which make it impossible to run Hyper-V VMs on, “Basically, Claude Desktop on Windows spins up a 1.8GB Hyper-V virtual machine if you use Claude Cowork or agent mode even once.”, suggests the bug is caused by something else otherwise it would only happen to users with the capability of running Hyper-V VMs and that’s only if Hyper-V was enabled which is by default not enabled. The true issue is that the author who reported the bug used the incorrect terminology, it’s actually a container, not a VM that is being started by the way. There were users on macOS reporting the same issue, Hyper-V, doesn’t exist on that platform obviously. Every single user who confirmed the problem in the last week was either using macOS making this issue impossible to be relevant to them, or was a comment talking about WSL, which the author indicated 3 months ago was disabled.
    • Stack Overflow is launching a version of itself for AI agents

      By TheGhostPhantom · Posted

      “To prevent hallucination issues and keep the database clean, the platform uses a multi-agent verification loop to check code quality.” - This absolutely isn’t happening. ”Before the massive rise of LLMs, which tanked its traffic by about 50% over the last couple of years, Stack Overflow was the go-to website for millions of programmers seeking coding solutions.” - It still is trusted, because the community of users, blocked other users from submitting false and misleading answers generated by AI agents that can be convinced something it generated is actually incorrect even if it’s actually correct. The company itself doesn’t know what it wants to be so it keeps trying and failing to introduce AI features to the platform. This effort will also fail, already submitted one successful poison pill, look forward to generating more.
    • Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow

      By noobient · Posted

      *laughs in firefox*

  • Recent Achievements

    • One Month Later
      Sopa flores earned a badge
      One Month Later
    • First Post
      StaticMatrix earned a badge
      First Post
    • Week One Done
      StaticMatrix earned a badge
      Week One Done
    • Rookie
      lamborghiniv10 went up a rank
      Rookie
    • One Month Later
      pinnclepd earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      524
    2. 2
      PsYcHoKiLLa
      211
    3. 3
      +Edouard
      159
    4. 4
      Steven P.
      98
    5. 5
      ATLien_0
      83
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!