
unable to configure / open ports : iptables

  • Agnello George
    Message 1 of 1 , Apr 12, 2008
      I have the following setup in my office: on my server, eth1 (public
      IP) and eth2 (private IP).

      I have set up a script to run every time my system boots, but
      this script is wrong somewhere; I am unable to surf
      the Internet through my client machine. Below is my
      iptable_script.sh:

      #!/bin/sh
      iptables --flush
      iptables --table nat --flush
      iptables --delete-chain
      iptables --table nat --delete-chain

      # Set up IP FORWARDing and Masquerading
      iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
      iptables -A FORWARD -i eth2 -j ACCEPT

      #Drop all packages by default, allow only the ones specified explicitly
      iptables -P INPUT DROP     # this is mainly done to block all ports
      iptables -P OUTPUT DROP    # this is mainly done to block all ports
      iptables -P FORWARD DROP   # this is mainly done to block all ports

      #Accept traffic to local interface
      iptables -A INPUT -i lo -j ACCEPT

      #Allow Established and Related Connections to pass through
      iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

      #Allow ICMP
      iptables -A OUTPUT -p ICMP -j ACCEPT

      #Allow DNS
      iptables -A OUTPUT -p UDP --dport 53 -j ACCEPT

      #Allow SMTP, POP, IMAP, Gmail, Yahoo IM, Freenode, MSN, Gtalk, Ktorrent
      iptables -A OUTPUT -p TCP --dport 25 -j ACCEPT
      iptables -A OUTPUT -p TCP --dport 110 -j ACCEPT
      iptables -A OUTPUT -p TCP --dport 143 -j ACCEPT

      #Allow browsing HTTP and HTTPS
      #iptables -A OUTPUT -p TCP --dport 80 -j ACCEPT
      #iptables -A OUTPUT -p TCP --dport 443 -j ACCEPT


      Can someone help me out here, as to where I am going wrong?

      Thanks !!

      --
      Regards
      Agnello Dsouza
      www.linux-vashi.blogspot.com
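
Added example, not part of the original post: a NAT gateway ruleset for the same eth1 (public) / eth2 (private) layout. With `FORWARD` policy `DROP` and only `-i eth2 -j ACCEPT`, client packets leave but replies arriving on eth1 match no rule, so this version adds the return rule, a loopback `OUTPUT` rule, and enables IP forwarding (assumed not already set elsewhere on the host). The names `run`, `gateway_rules`, `DRY_RUN`, `WAN` and `LAN` are hypothetical.

```shell
#!/bin/sh
# Added example (not the poster's script): NAT gateway, eth1 public, eth2 private.
# Dry run by default: every command is printed. Run as root with DRY_RUN=0 to apply.
DRY_RUN="${DRY_RUN:-1}"
WAN="${WAN:-eth1}"   # public interface, as in the post
LAN="${LAN:-eth2}"   # private interface, as in the post

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

gateway_rules() {
    # The kernel routes between interfaces only when forwarding is enabled.
    run sysctl -w net.ipv4.ip_forward=1

    run iptables -F
    run iptables -t nat -F
    run iptables -X
    run iptables -t nat -X

    # Default deny on all three chains, as in the post.
    run iptables -P INPUT DROP
    run iptables -P OUTPUT DROP
    run iptables -P FORWARD DROP

    # Loopback needs both directions once OUTPUT is DROP.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT

    # Gateway's own traffic: replies in, the post's outbound services out.
    run iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -p icmp -j ACCEPT
    run iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    for port in 25 110 143; do
        run iptables -A OUTPUT -p tcp --dport "$port" -j ACCEPT
    done

    # Client traffic traverses FORWARD, not INPUT/OUTPUT: new connections may
    # start only from the LAN side, and only replies may come back in.
    run iptables -A FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    run iptables -A FORWARD -i "$WAN" -o "$LAN" -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

gateway_rules
```

The `OUTPUT` rules govern only the gateway's own connections; client browsing depends on the `FORWARD` and `POSTROUTING` rules.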