linux firewall, iptables forwarding problem
Hi,
I am new to Linux, but I need to set up a simple firewall for the local network.
I have Ubuntu with a 2.6 kernel installed and two NIC cards, with one static IP address to the internet. I am using bridge-utils to bridge the two interfaces together. The bridge is up and fine.
Now I am really stuck at this point.
I set the default policy to DROP for FORWARD and enabled forwarding.
Then I add rules like these:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
The local computer cannot access the internet, but if I change the default FORWARD policy to ACCEPT,
the local computer can then access the internet.
I really don't understand why. Please help!
weiwei
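An added example for the setup in this post (it is not weiwei's code or any reply's): a transparent bridge firewall written as an iptables-restore file. One fact about bridging explains the symptom above: once bridge-netfilter is enabled, frames that are bridged between the two NICs do reach the FORWARD chain, but with the bridge device (assumed here to be br0) as both the input and the output interface, never as -i eth0 -o eth1. Rules keyed on the physical NIC names therefore match nothing, and with a DROP policy every packet is dropped; switching the policy to ACCEPT "fixes" it because nothing else matches. The physical port is matched with -m physdev instead. Assumptions beyond the post: the bridge is named br0, eth0 faces the internet, eth1 faces the LAN, the kernel exposes net.bridge.bridge-nf-call-iptables, and the firewall host is managed over SSH from the LAN side.

```shell
#!/bin/sh
# Added example, not taken from the thread.  Generates the ruleset for a
# two-port bridging firewall in iptables-restore format.
#
# Assumed names (edit to taste): bridge device, internet-side port, LAN-side port.
BRIDGE=br0
WAN_PORT=eth0
LAN_PORT=eth1

# Print the complete ruleset on stdout.  This is plain text, so it can be
# reviewed (or tested) without root before it is loaded.
bridge_fw_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic for the firewall host itself: loopback, replies to its own
# connections, and new SSH sessions only from the LAN-side port.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${BRIDGE} -m physdev --physdev-in ${LAN_PORT} -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Bridged traffic arrives in FORWARD as -i ${BRIDGE} -o ${BRIDGE}; the physical
# ports are only visible through the physdev match.  LAN may open anything
# outbound; the internet side only gets replies and related packets.
-A FORWARD -i ${BRIDGE} -o ${BRIDGE} -m physdev --physdev-in ${LAN_PORT} --physdev-out ${WAN_PORT} --physdev-is-bridged -j ACCEPT
-A FORWARD -i ${BRIDGE} -o ${BRIDGE} -m physdev --physdev-in ${WAN_PORT} --physdev-out ${LAN_PORT} --physdev-is-bridged -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log what the DROP policy is about to discard, rate-limited so a scan cannot
# flood the log.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "bridge-fw drop: " --log-level 4
COMMIT
EOF
}

# Count rules that still key on the physical ports with -i/-o.  For a bridge
# this must be 0; such rules never match bridged frames.  (|| true keeps the
# function's exit status 0 when grep finds nothing.)
bridge_fw_bad_iface_rules() {
    bridge_fw_rules | grep -c -E -- "-[io] (${WAN_PORT}|${LAN_PORT})( |$)" || true
}

# Load the rules atomically.  Requires root.  bridge-nf-call-iptables is what
# makes bridged frames traverse iptables at all; on kernels from 3.18 on the
# sysctl only appears after the br_netfilter module is loaded (assumption about
# the reader's kernel, harmless on older ones).
bridge_fw_apply() {
    modprobe br_netfilter 2>/dev/null || true
    sysctl -w net.bridge.bridge-nf-call-iptables=1 >/dev/null
    bridge_fw_rules | iptables-restore
}

# Run "sh thisfile apply" as root to load; anything else just prints the rules.
if [ "${1:-}" = apply ]; then
    bridge_fw_apply
elif [ "${1:-}" = show ]; then
    bridge_fw_rules
fi
```

Check the generated text with `sh thisfile show` first; `bridge_fw_bad_iface_rules` printing 0 is the quick sanity check that no rule still names eth0/eth1 through -i/-o. With bridge-nf-call-iptables enabled, conntrack tracks bridged flows too, so the ESTABLISHED,RELATED match works exactly as it does on a router.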
Comments
weiwei
Why does the state have to be ESTABLISHED or RELATED? Like this, newly generated packets won't get through your rules and will be DROPped, as that is your default policy.
Try changing that.
Regards
AFAIK this is not true.
The policies are only applied when all the other rules fail to match.
This was the sort of problem I faced with the Linux firewall, that is, with forwarding in iptables.
I have 3 NICs:
eth0 is my internet interface
eth1 is the DMZ interface (doesn't really act like a DMZ yet)
eth2 is my local LAN
I want to forward the ports to the server on the DMZ.
I looked on Google and on more sites for how to forward ports, and it says:
iptables -t nat -A PREROUTING -p tcp -d $INET_IP --dport 25 -j DNAT --to $DMZ_SERVER1:80
Is this command correct?
Thanks for your reply.
EDIT:
No worries, thanks again for your reply, fixed it. Used these commands:
$IPTABLES -A FORWARD -p tcp -i $INETIF --destination-port 80 --destination 192.168.2.2 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -i $INETIF --destination-port 80 -j DNAT --to-destination 192.168.2.2:80
__________________
rm -rf /
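An added example for the port-forwarding setup in this reply (not the poster's script or anything from the thread): a generator for the whole nat and filter ruleset on the three-NIC layout given above (eth0 internet, eth1 DMZ, eth2 LAN), emitted as iptables-restore text so it can be read before it is loaded. The DMZ host 192.168.2.2 comes from the edit; the SSH-from-LAN rule, the MASQUERADE rule and the "LAN may reach everything" rule are assumptions for the example. It shows the two things a practitioner checks in a DNAT setup: the public port and the target port come from the same mapping (the first attempt above sends public port 25 to port 80), and the FORWARD rule names the post-DNAT destination, because PREROUTING has already rewritten the address by the time FORWARD sees the packet. It also leaves no rule that lets the DMZ open new connections into the LAN, which is what makes the middle interface an actual DMZ.

```shell
#!/bin/sh
# Added example, not from the thread.  Prints nat + filter rules that forward
# public TCP ports to hosts on the DMZ leg of a three-NIC router.
#
# Interface roles as stated in the reply; the DMZ server address is the one
# used in the reply's edit.
INET_IF=eth0
DMZ_IF=eth1
LAN_IF=eth2

# Usage: port_forward_rules PUBPORT:DMZHOST:DMZPORT [PUBPORT:DMZHOST:DMZPORT ...]
# Each mapping produces one DNAT rule and one matching FORWARD rule.
port_forward_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for map in "$@"; do
        pub=${map%%:*}; rest=${map#*:}; host=${rest%%:*}; port=${rest#*:}
        # Only rewrite packets arriving on the internet interface; the target
        # port is taken from the mapping, never hard-coded.
        echo "-A PREROUTING -i ${INET_IF} -p tcp --dport ${pub} -j DNAT --to-destination ${host}:${port}"
    done
    # LAN and DMZ hosts share the router's single public address on the way out
    # (assumption: the public IP is the one configured on INET_IF).
    echo "-A POSTROUTING -o ${INET_IF} -j MASQUERADE"
    echo 'COMMIT'

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Manage the router only from the LAN (assumption for the example).
    echo "-A INPUT -i ${LAN_IF} -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    # Return traffic for every permitted flow, in one place.
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for map in "$@"; do
        rest=${map#*:}; host=${rest%%:*}; port=${rest#*:}
        # FORWARD runs after PREROUTING, so it must match the rewritten
        # destination (DMZ host and DMZ port), not the public address/port.
        echo "-A FORWARD -i ${INET_IF} -o ${DMZ_IF} -p tcp -d ${host} --dport ${port} -m state --state NEW -j ACCEPT"
    done
    # LAN may open connections anywhere; DMZ may only go out to the internet.
    # No rule allows DMZ -> LAN NEW connections: a compromised DMZ host cannot
    # start sessions into the LAN, which is the point of having a DMZ.
    echo "-A FORWARD -i ${LAN_IF} -j ACCEPT"
    echo "-A FORWARD -i ${DMZ_IF} -o ${INET_IF} -j ACCEPT"
    echo 'COMMIT'
}

# Count FORWARD rules that would let the DMZ initiate into the LAN.  Must be 0.
dmz_to_lan_rules() {
    port_forward_rules "$@" | grep -c -F -e "-A FORWARD -i ${DMZ_IF} -o ${LAN_IF}" || true
}

# Load the rules (requires root).  Routing between NICs needs ip_forward=1;
# the DNAT rules do nothing useful without it.
port_forward_apply() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    port_forward_rules "$@" | iptables-restore
}

# e.g.  sh thisfile apply 80:192.168.2.2:80 25:192.168.2.2:25
if [ "${1:-}" = apply ]; then
    shift
    port_forward_apply "$@"
fi
```

Running `port_forward_rules 80:192.168.2.2:80 25:192.168.2.2:25` shows the DNAT and FORWARD pairs side by side, which is the easiest way to spot a public/target port mismatch before anything is loaded. Note that hosts on the LAN will not reach the DMZ server through the public address with this ruleset, because the DNAT rule is deliberately restricted to packets arriving on eth0; they use the DMZ address directly.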