From: Dale
Date: Sun, 14 Jan 2007 18:58:18 -0600
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Setting up a home router
Message-ID: <45AAD1AA.1050306@exceedtech.net>
In-Reply-To: <6142e6140701141628wb031981t4200f5bc60c2f848@mail.gmail.com>
References: <6142e6140701141127ke803445jb5d9a89f8fa523a@mail.gmail.com> <45AAB2A7.5070201@exceedtech.net> <6142e6140701141628wb031981t4200f5bc60c2f848@mail.gmail.com>

Daniel Pielmeier wrote:
>> I used this script a long time ago. It worked until iptables got
>> changed. It still worked but it gave a few errors. Maybe some guru can
>> look at this and update it for us both. Then maybe I can get someone to
>> upgrade the script on the site. I had to edit the very first bit about
>> which interface is what. Here it is:
>
> I have tested your script! Do you get an error like this:
> iptables v1.3.5: unknown protocol `ssh' specified
>
> I am not sure if it is right but I have replaced this line
>
> $IPTABLES -A INPUT --protocol ssh --dport 22 -j ACCEPT
> by
> $IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
>
> and the error disappears.
>
> For me using these iptables rules didn't work, I still can't ping the
> internet from my desktop and also get the error message from the
> ntp-client on my desktop.
>
> Any other suggestions!
>
> Here is how I changed the script to fit my needs!
>
> #!/bin/bash
>
> IPTABLES='/sbin/iptables'
>
> # Set interface values
> EXTIF='ppp0'
> #INTIF0='eth0'
> INTIF1='eth0'
> INTIF2='eth1'
>
> # enable ip forwarding in the kernel
> /bin/echo 1 > /proc/sys/net/ipv4/ip_forward
>
> # flush rules and delete chains (the nat table has to be flushed
> # separately, otherwise every run adds another MASQUERADE rule)
> $IPTABLES -F
> $IPTABLES -X
> $IPTABLES -t nat -F
>
> # enable masquerading to allow LAN internet access
> $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
>
> # forward LAN traffic from $INTIF1 to Internet interface $EXTIF
> $IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
>
> # forward LAN traffic from $INTIF2 to Internet interface $EXTIF
> $IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF -m state --state NEW,ESTABLISHED -j ACCEPT
>
> #echo -e " - Allowing access to the SSH server"
> $IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT
>
> #echo -e " - Allowing access to the HTTP server"
> $IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT
>
> # block out all other Internet access on $EXTIF
> $IPTABLES -A INPUT -i $EXTIF -m state --state NEW,INVALID -j DROP
> $IPTABLES -A FORWARD -i $EXTIF -m state --state NEW,INVALID -j DROP

Are you on dial-up too? The EXTIF='ppp0' may need to be eth0 for you if
you are using a DSL or cable connection. I'm not real sure about any of
this stuff really.

I need to get a book on iptables and a whole lot of other things too.
Because of my health I can't sit at the puter long enough to learn
anything. I can read a book in bed then.

I'll see if I can think of something else. Maybe some guru can help us
both out. I need that to work too.

hmm, come to think of it, I have a thread on the forums. Try this:

http://forums.gentoo.org/viewtopic-t-249167-highlight-iptables.html

That may help.

I tend to ramble a bit. Sorry.

Dale

:-) :-) :-)

-- 
www.myspace.com/dalek1967
-- 
gentoo-user@gentoo.org mailing list
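The thread is about a NAT router script with an external interface (ppp0 or eth0) and a LAN interface. The following is an added example, not Daniel's or Dale's script and not from the forum thread linked above: a POSIX sh version of the same kind of firewall that goes a little beyond the posted script. It sets explicit DROP policies on INPUT and FORWARD instead of relying on the default ACCEPT, lets return traffic through with ESTABLISHED,RELATED, accepts SSH and ping only on the LAN interface (the posted script accepts port 22 on every interface, so the SSH daemon is reachable from the internet side too), and flushes the nat table so re-running it does not stack MASQUERADE rules. The interface names ppp0/eth0 and the LAN range 192.168.1.0/24 are assumptions. An ipt wrapper with DRY_RUN=1 prints the rules instead of applying them, so the rule set can be reviewed on any machine without root, and count_accept_on_ext is a quick check that nothing accepts new connections arriving on the external interface.

```shell
#!/bin/sh
# Added example (not the script from the thread): a stateful NAT firewall
# for a home router with one external and one internal interface.
# Interface names and the LAN range are assumptions; adjust for your box.
EXTIF="${EXTIF:-ppp0}"             # internet side (eth0 for most DSL/cable setups)
INTIF="${INTIF:-eth0}"             # LAN side
LANNET="${LANNET:-192.168.1.0/24}" # assumed LAN address range

# ipt wraps iptables. With DRY_RUN=1 the rule is printed instead of
# applied, so the whole rule set can be reviewed or tested without root.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        /sbin/iptables "$@"
    fi
}

enable_forwarding() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

apply_rules() {
    # Start from a clean slate in both the filter and the nat table;
    # a plain "-F" only flushes the filter table.
    ipt -F
    ipt -X
    ipt -t nat -F

    # Default deny for anything addressed to or routed through the box.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback, replies to connections the router itself opened, and
    # packets conntrack cannot place in any connection.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m state --state INVALID -j DROP

    # Services the router offers, reachable from the LAN side only.
    # The script in the thread accepts port 22 on every interface, which
    # exposes the SSH daemon on the internet side as well.
    ipt -A INPUT -i "$INTIF" -p tcp --dport 22 -j ACCEPT
    ipt -A INPUT -i "$INTIF" -p icmp -j ACCEPT

    # Forwarding: new connections only from LAN to internet; the return
    # traffic is matched by conntrack. RELATED covers ICMP errors and
    # helper-tracked data channels such as active FTP.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$LANNET" -m state --state NEW -j ACCEPT

    # NAT the LAN behind whatever address the external interface has.
    ipt -t nat -A POSTROUTING -o "$EXTIF" -s "$LANNET" -j MASQUERADE
}

# Sanity check on the generated rule set: count rules that ACCEPT traffic
# arriving on the external interface. Should print 0.
count_accept_on_ext() {
    DRY_RUN=1 apply_rules | grep -c -- "-i $EXTIF .*-j ACCEPT" || true
}

# Usage: sh nat-firewall.sh apply | dry-run | check
case "${1:-}" in
    apply)   enable_forwarding; apply_rules ;;
    dry-run) DRY_RUN=1; export DRY_RUN; enable_forwarding; apply_rules ;;
    check)   echo "rules accepting traffic on $EXTIF: $(count_accept_on_ext)" ;;
esac
```

Run it with dry-run first and read the printed rules before applying them on the router; on a DSL or cable box set EXTIF=eth0 (and INTIF to the other card) in the environment rather than editing the script, which is the point Dale raises about ppp0.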