I have 3 machines. One is the firewall (RH7.1) and the others sit behind it. One runs Win2k and the other RH7.1 also. I have everything working except two things. I can't ssh from my firewall to my main RH machine. I can go from my main machine to the firewall. The other problem is that the firewall doesn't forward port 80 to my main machine, which runs Apache. I am new to setting up firewalls. I took one from the net and modified it a little, and I don't know if I am missing something or not. Here is the code.
#!/bin/bash
# flush all tables and reset the counters
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
# set default policy to drop
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Enable ip forwarding
/bin/echo "1" > /proc/sys/net/ipv4/ip_forward
# start masquerading
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -s ! 192.168.0.0/24 -j DROP
# make sure NEW tcp connections are SYN packets
iptables -A INPUT -i ppp0 -p tcp ! --syn -m state --state NEW -j DROP
## Fragments
iptables -A INPUT -i ppp0 -f -j LOG --log-prefix "IPTABLES FRAGMENT:"
iptables -A INPUT -i ppp0 -f -j DROP
# make sure new tcp connections are syn packets
iptables -A INPUT -i ppp0 -p tcp ! --syn -m state --state NEW -j DROP
# WWW
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o ppp0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
# DNAT
iptables -A PREROUTING -t nat -p tcp -i ppp0 --dport 80 -j DNAT --to 192.168.0.3:80
Any suggestions?
Thanks
Oh, and I can hit the apache server from my win2k machine.
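The following is an added example, not the original poster's script, showing a stateful version of the same layout (ppp0 uplink, LAN 192.168.0.0/24, Apache on 192.168.0.3). Two points it makes explicit: with a DROP policy on OUTPUT, the posted script's only OUTPUT rules are for ports 80 and 443, so nothing in it lets an ssh connection from the firewall leave, and the reply to any connection the firewall opens needs an ESTABLISHED rule in INPUT; and a DNAT in PREROUTING rewrites the destination before the FORWARD chain runs, so FORWARD must accept the packet addressed to the rewritten host. The LAN interface name eth0 and the outbound 443/53 rules are assumptions; the post does not name the LAN interface. Without arguments the script only prints the rules it would load.

```shell
#!/bin/sh
# Added example, not the original poster's script: a stateful iptables ruleset
# for the same layout (ppp0 uplink, LAN 192.168.0.0/24, Apache on 192.168.0.3).
# Assumption: the LAN-facing interface is eth0 (the post does not name it).
# Run with no argument to print the rules; run with "apply" (as root) to load them.

WAN_IF=${WAN_IF:-ppp0}
LAN_IF=${LAN_IF:-eth0}              # assumed LAN interface name
LAN_NET=${LAN_NET:-192.168.0.0/24}
WEB_HOST=${WEB_HOST:-192.168.0.3}
IPT=${IPT:-iptables}                # set IPT="echo iptables" for a dry run

# $IPT is deliberately unquoted so "echo iptables" splits into two words.
ipt() { $IPT "$@"; }

reset_chains() {
    ipt -F; ipt -X; ipt -Z
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP
}

state_rules() {
    # Local daemons talk over loopback; DROP policies block that too.
    ipt -A INPUT  -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    # With a DROP policy on every chain, replies must be let back in explicitly.
    # One ESTABLISHED,RELATED rule per chain covers every connection opened below.
    ipt -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New TCP connections from the uplink must start with SYN; log and drop fragments.
    ipt -A INPUT -i "$WAN_IF" -p tcp ! --syn -m state --state NEW -j DROP
    ipt -A INPUT -i "$WAN_IF" -f -j LOG --log-prefix "IPTABLES FRAGMENT:"
    ipt -A INPUT -i "$WAN_IF" -f -j DROP
}

admin_rules() {
    # ssh from the firewall to a LAN host: the NEW packet leaves via OUTPUT, so
    # OUTPUT must accept it; the reply is matched by the ESTABLISHED rule in INPUT.
    ipt -A OUTPUT -o "$LAN_IF" -d "$LAN_NET" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # ssh from LAN hosts to the firewall, never from the uplink.
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Web and DNS lookups from the firewall itself (ports 443 and 53 are assumed needs).
    ipt -A OUTPUT -o "$WAN_IF" -p tcp --dport 80  -m state --state NEW -j ACCEPT
    ipt -A OUTPUT -o "$WAN_IF" -p tcp --dport 443 -m state --state NEW -j ACCEPT
    ipt -A OUTPUT -o "$WAN_IF" -p udp --dport 53  -m state --state NEW -j ACCEPT
}

nat_rules() {
    # LAN hosts out to the Internet: masquerade, and accept the NEW forward.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    # Inbound port 80: DNAT in PREROUTING rewrites the destination, then the
    # FORWARD chain sees the packet with the rewritten address and must accept it.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 -j DNAT --to-destination "$WEB_HOST:80"
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$WEB_HOST" -p tcp --dport 80 -m state --state NEW -j ACCEPT
}

apply_all() {
    reset_chains
    state_rules
    admin_rules
    nat_rules
}

# Print the ruleset without touching the kernel, for review before applying.
dry_run() { ( IPT="echo iptables"; apply_all ); }

case "${1:-}" in
    apply) echo 1 > /proc/sys/net/ipv4/ip_forward; apply_all ;;
    *)     dry_run ;;
esac
```

Printing the rules first is worth the habit on a remote box whose policies are all DROP; once loaded, `iptables -L -n -v` and `iptables -t nat -L -n -v` show per-rule packet counters, so a connection that never increments the DNAT or FORWARD counter tells you which chain is dropping it. Matching `--state NEW` on every accept leaves the single ESTABLISHED,RELATED rule in each chain responsible for all return traffic.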