Re: [squid-users] operation not permitted

From: Vincent GAUVIN <vincent.gauvin@dont-contact.us>
Date: Sun, 28 Dec 2003 18:40:25 +0100

Henrik Nordstrom wrote:
> Your INPUT and OUTPUT rules look a little odd.. but as you did not
> include the full ruleset it is hard to tell.. (iptables -L only gives
> a summary of the rules.. it is better to use iptables-save)

Thanks a lot, Henrik, for taking an interest in my problem :-)

Here are my iptables rules (eth0 192.168.200.1/16; eth1 10.0.0.1 on the
ADSL modem's Ethernet; workstations are on 192.168.200.10 to .60/16).
best Regards
Vincent

#!/bin/sh
#
#############################################

# Flush the chains
iptables -F

# Delete any user-defined chains
iptables -X

# Default policy: DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Same for the nat table, but with ACCEPT as the default policy
# (only nat is handled here; mangle is left untouched)
iptables -t nat -F
iptables -t nat -X

iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

# The server itself is trusted (loopback)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# The LAN is trusted
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A OUTPUT -o eth0 -j ACCEPT

# Open ssh on the ADSL link
iptables -A INPUT -p tcp --dport 22 -i ppp0 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -o ppp0 -j ACCEPT

# Set up NAT for everything that crosses the gateway
# and leaves via ppp0; the LAN is 192.168.0.0/16
iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o ppp0 -j MASQUERADE

iptables -A FORWARD -i eth0 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
Received on Sun Dec 28 2003 - 10:42:41 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:27 MST
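Editor's added example (not Vincent's script, and not a reply from the thread): the same gateway ruleset with the stateful INPUT/OUTPUT rules for ppp0 that the posted version has none of. As posted, the policy is OUTPUT DROP and the only egress rule on ppp0 accepts TCP source port 22, so every process running on the gateway itself, Squid included, can only send over the ADSL link from port 22; a locally generated packet dropped in the OUTPUT chain is reported to the application by the Linux kernel as EPERM, "Operation not permitted". Whether that is the cause of the error in the subject line cannot be confirmed from this message alone, but it is the first thing to rule out. Interface names, addresses and the ssh rule are taken from the post; the dry-run wrapper, the `run`/`has_rule` helpers and the `sysctl` call are this example's own additions. Run it with no arguments to print the rules it would load, or with `apply` (as root) to load them.

```shell
#!/bin/sh
# Added example, not the original poster's script: the gateway ruleset
# from the post plus stateful rules for the ADSL interface, so that the
# gateway's own processes (Squid among them) can reach the Internet.

DRY_RUN=1                      # print rules instead of loading them
case "${1:-}" in
    apply) DRY_RUN=0 ;;        # "./fw.sh apply" really loads the rules (root)
esac

LAN_IF=eth0                    # from the post
WAN_IF=ppp0                    # from the post
LAN_NET=192.168.0.0/16         # from the post

# run CMD...: execute CMD, or just print it when DRY_RUN=1
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

firewall_rules() {
    # Flush everything and drop by default, as in the original
    run iptables -F
    run iptables -X
    run iptables -P INPUT DROP
    run iptables -P OUTPUT DROP
    run iptables -P FORWARD DROP
    run iptables -t nat -F
    run iptables -t nat -X

    # Loopback and the LAN side are trusted, as in the original
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT
    run iptables -A INPUT -i "$LAN_IF" -j ACCEPT
    run iptables -A OUTPUT -o "$LAN_IF" -j ACCEPT

    # The two rules the posted script is missing: replies to connections
    # the gateway opened may come back in over ppp0, and the gateway may
    # open new connections out over ppp0 (this is what Squid needs).
    run iptables -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A OUTPUT -o "$WAN_IF" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # Inbound ssh from the Internet; its replies match ESTABLISHED above
    run iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Masquerade the LAN behind ppp0 and forward LAN-initiated traffic only
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    run sysctl -w net.ipv4.ip_forward=1
}

# has_rule PATTERN: succeed if the dry-run listing contains a rule matching PATTERN
# (a quick self-check before loading the rules on the real box)
has_rule() {
    ( DRY_RUN=1; firewall_rules ) | grep -q -- "$1"
}

firewall_rules
```

The ordering matters: the ESTABLISHED,RELATED rules sit before the ssh rule so that return traffic is matched by state rather than by port, and the FORWARD chain still only lets ppp0-to-LAN packets through when a LAN host opened the connection, exactly as in the posted script.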