
Thread: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

  1. #261
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Originally posted by Kalle370:
        Hey, I get this:
        root@kubuntu:~# sudo /etc/init.d/firewall start
        sudo: /etc/init.d/firewall: command not found

        What do I do wrong?

    You must have forgotten one step of the tutorial. Here it seems that either /etc/init.d/firewall is missing or it does not have the +x rights.

  2. #262
    Join Date
    Nov 2007
    Location
    South African in London
    Beans
    1,092
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Excellent HOWTO. Good work

  3. #263
    Join Date
    Nov 2005
    Location
    Slovenia, Ljubljana
    Beans
    61
    Distro
    Kubuntu 11.04 Natty Narwhal

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    We talked about IP blacklists before, so this is what I am using now. By also changing the ssh port away from 22 and closing it to IP/PORT or MAC/PORT, I do not have any unwelcome visits.

    This is the code for the blacklist:
    Code:
    # $IP_BLACKLIST is the name of a file with one IP address per line
    	if [ -n "$IP_BLACKLIST" ]; then
    		if [ -f "$IP_BLACKLIST" ]; then
    			# file exists
    			echo "applying custom IP blacklist...."
    			# -N creates a new, user-defined chain. It only takes effect once
    			# another chain jumps to it (e.g. $IPT -A INPUT -j ipblacklist).
    			$IPT -N ipblacklist
    			while read -r line
    			do
    				# skip empty lines so iptables is never called with an empty -s
    				[ -n "$line" ] || continue
    				# quoted so one line can never expand to extra iptables arguments
    				$IPT -A ipblacklist -s "$line" -j DROP
    			done < "$IP_BLACKLIST"
    		else
    			echo "Error reading custom blacklist file:"
    			echo "$IP_BLACKLIST"
    		fi
    	fi
    xDeveloper

    infotronika
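
The blacklist loop in post #263 passes every line of the file to iptables as it is. The following is an added example, not code from the thread: it checks each entry first and prints an iptables-restore fragment for the same `ipblacklist` chain. The function names and the sample addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): validate blacklist entries, then emit
# an iptables-restore fragment instead of calling iptables once per line.

# Succeeds only for a.b.c.d or a.b.c.d/n (octets 0-255, prefix 0-32).
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $bits in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    # digits and dots only; this also keeps the unquoted split below glob-safe
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # reject over-long fields and leading zeros (ambiguous octal forms)
        case $octet in ????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Prints the fragment for FILE on stdout and rejected entries on stderr.
# Returns 1 if any entry was rejected.
blacklist_to_restore() {
    rc=0
    printf '%s\n' '*filter' ':ipblacklist - [0:0]'
    while IFS= read -r line || [ -n "$line" ]; do
        # drop comments, blanks and CRs (files edited on Windows)
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if is_ipv4_cidr "$line"; then
            printf '%s\n' "-A ipblacklist -s $line -j DROP"
        else
            printf 'rejected entry: %s\n' "$line" >&2
            rc=1
        fi
    done < "$1"
    echo COMMIT
    return "$rc"
}

# Constructed sample input (RFC 5737 documentation addresses).
sample=$(mktemp)
printf '%s\n' '192.0.2.10' '198.51.100.0/24  # test net' \
    '203.0.113.300' 'example.com' > "$sample"
blacklist_to_restore "$sample" || echo "some entries were rejected" >&2
rm -f "$sample"
```

Load the printed fragment with `iptables-restore --noflush` so the rest of the filter table is left as it is. Host names are rejected on purpose: iptables resolves them once, when the rule is loaded.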

  4. #264
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips

    Thanks all, i'm glad it helped.

  5. #265
    Join Date
    Apr 2009
    Location
    Germany, City of Essen
    Beans
    2
    Distro
    Ubuntu 8.10 Intrepid Ibex

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Hi Frodon,

    I just have to say thank you for this excellent HOWTO! Your HOWTO is one of very few documentations which are compact, easy to understand and, most importantly, easy to implement.

    There's no need to spend hours with "trial & error" to find out how to migrate the given examples onto my own machine! Your solution works pretty well.

    I just have a question about NAT, because my server is also working as a NAT server which is used by six (internal LAN) clients to connect to the internet. Working solution.

    When I try to implement your firewall solution I have trouble with the other clients, which can't connect to the server and to the internet anymore.
    When I stop the firewall service, prevent it from starting up automatically and delete the files "firewall.bash, etc..." I still have the same problem as before. Tried several reboots but it had no effect.

    The firewall is implemented exactly as you are describing it in this HOWTO - no changes or mods.
    The server has been set up from scratch and has never had any firewall installed.
    The question is whether there may be any other files or hidden options to be set to make the firewall changes disappear so that NAT will work again.

    It would be very interesting to know whether there is any way that lets the firewall do its job and lets the server still provide NAT services.
    I don't want to remove the firewall because it's working really well. That's why I'm searching for a solution to get your firewall and the NAT functionality together on one server.

    Thank you so much in advance!!

  6. #266
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    In the firewall script I give in the first post you can see the following:
    Code:
    # DROP all forward packets, we don't share internet connection in this example
    iptables -A FORWARD -j DROP
    It means that FORWARD packets are all dropped, so it is normal that connection sharing doesn't work anymore.
    If you want to transfer all ports to your LAN you can just comment out this line and add the following instead:
    Code:
    iptables -A FORWARD -j ACCEPT 
    # hide computers behind the firewall 
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
    echo 1 > /proc/sys/net/ipv4/ip_forward
    You have some basics in the first post about FORWARD packets; they are the ones that handle/create the NAT feature.
    Last edited by frodon; April 20th, 2009 at 09:41 PM.
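
The rules in post #266 accept every forwarded packet in both directions. The following is an added example, not part of frodon's script: a narrower variant that keeps the final DROP and only lets the LAN open connections outward. The LAN interface `eth1`, the range `192.168.0.0/24` and the function names are assumptions; `eth0` and `$IPT` follow the thread.

```shell
#!/bin/sh
# Added example: NAT with a restricted FORWARD chain instead of a blanket
# "FORWARD -j ACCEPT". Dry run by default: commands are printed, not executed.
IPT=${IPT:-echo iptables}   # set IPT=iptables (as root) to apply for real

WAN_IF=${WAN_IF:-eth0}              # Internet-facing interface, as in the post
LAN_IF=${LAN_IF:-eth1}              # assumed LAN interface name
LAN_NET=${LAN_NET:-192.168.0.0/24}  # assumed LAN address range

nat_rules() {
    # Replies to connections the LAN opened are allowed back in.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
         -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # LAN clients may open new connections towards the Internet.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # Anything else that would be routed through this host is dropped.
    $IPT -A FORWARD -j DROP
    # Hide the LAN behind the address of the WAN interface.
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

enable_forwarding() {
    if [ "$IPT" = "iptables" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        # dry run: show the command instead of touching /proc
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    fi
}

nat_rules
enable_forwarding
```

Because the rules are appended with `-A`, the original `iptables -A FORWARD -j DROP` line still has to be commented out, otherwise it sits ahead of them and matches first.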

  7. #267
    Join Date
    Apr 2009
    Location
    Germany, City of Essen
    Beans
    2
    Distro
    Ubuntu 8.10 Intrepid Ibex

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Hi Frodon,

    Wow... that's what I'd call "JUST IN TIME"!!
    Thanks for your very quick response! Everything's running as desired now!

    Firewall AND NAT service are both working together on one single server now. GREAT!!

    Thank you once again for your support and for this excellent HOWTO!! Helped me very much.

  8. #268
    Join Date
    Nov 2005
    Location
    Slovenia, Ljubljana
    Beans
    61
    Distro
    Kubuntu 11.04 Natty Narwhal

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    I actually used Ubuntu Firewall by Robert Pectol for his installation script, log, etc., but added some corrections from this great guide, IP blacklist...
    and made a digg.
    xDeveloper

    infotronika

  9. #269
    Join Date
    Feb 2007
    Beans
    169
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Hi all..

    I'm new to Iptables. This has been very helpful so far. I want to make a whitelist of sites to let my students access. I'm still confused.

    I was able to kill Internet access totally today for the classes that just waste time playing games and turn it back on for the others. Hooray.
    Now I want to give those kids a short list of sites related to the class they can access.

    So this line will drop any site not google.
    Code:
    iptables -A INPUT -p tcp --source !  google.com -j DROP
    Do I DROP the FORWARD chain then add rules to ACCEPT sites,
    or ACCEPT the FORWARD chain then add rules to DROP sites?

    Or am I completely confused?

  10. #270
    Join Date
    May 2007
    Beans
    28

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Frodon, thanks for the great writeup.

    What do I need to do to open port 22 for ssh in addition to what you have shown?
