Hi, I put up some ipchains a while back and it seems I need to put more info up, so I have taken the whole thing and put it in here.

As I'm a couple of days past new and I have not done ipchains as yet, I'm thinking this is a script and I make it into an exec file and run it. The link to the Internet is via ppp0 and my internal network uses 192.168.1.1 & 192.168.1.2. The 202.27.184.3 is my ISP and he has 202.27.184.5 also, but I did not put that in.

***************************************
#!/bin/sh -x

# To enable logging if necessary
#LOG=-l

# Constants
ANYWHERE=0.0.0.0/0    # ipchains needs the /0 mask to mean "any address"
EXT_IF=ppp0
INT_IF=eth0

# Networks
#INTERNAL_NET=10.0.1.0/24
INTERNAL_NET=192.168.1.0/24
EXTERNAL_ADDR='202.27.184.*'    # not used below; quoted so the shell does not glob it
# ME is used below but was never set. The ppp0 address is not given,
# so as an assumption it matches any address on $EXT_IF.
ME=$ANYWHERE

# Disable packet forwarding while we set up the firewall
echo 0 > /proc/sys/net/ipv4/ip_forward

# Flush all rules
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward

# Deny all packets by default - this is a mostly-closed firewall
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains -P forward DENY

# Accept anything to/from localhost
/sbin/ipchains -A input -j ACCEPT -p all -s localhost -d localhost -i lo $LOG
/sbin/ipchains -A output -j ACCEPT -p all -s localhost -d localhost -i lo $LOG
/sbin/ipchains -A input -j ACCEPT -p all -s 192.168.1.0/24 -d 192.168.1.0/24 -i lo $LOG
/sbin/ipchains -A output -j ACCEPT -p all -s 192.168.1.0/24 -d 192.168.1.0/24 -i lo $LOG

# Spoofing protection - deny anything coming from the outside with an
# internal address (RETURN on a built-in chain applies the chain policy, DENY)
/sbin/ipchains -A input -j RETURN -p all -s $INTERNAL_NET -d $ANYWHERE -i $EXT_IF $LOG

# Accept TCP packets belonging to already-established connections
/sbin/ipchains -A input -j ACCEPT -p tcp -s $ANYWHERE -d $ME -i $EXT_IF ! -y $LOG

# Accept and masquerade all packets from the inside going anywhere
/sbin/ipchains -A input -j ACCEPT -p all -s $INTERNAL_NET -d $ANYWHERE -i $INT_IF $LOG
# On the forward chain -i matches the outgoing interface, so this is $EXT_IF
/sbin/ipchains -A forward -j MASQ -p all -s $INTERNAL_NET -d $ANYWHERE -i $EXT_IF $LOG

# Accept all TCP packets going to the outside net
/sbin/ipchains -A output -j ACCEPT -p all -s $ME -d $ANYWHERE -i $EXT_IF $LOG

# Accept type 3 ICMP queries (Destination unreachable)
/sbin/ipchains -A input -j ACCEPT -p icmp -s $ANYWHERE -d $ME -i $EXT_IF \
    --icmp-type destination-unreachable $LOG
/sbin/ipchains -A output -j ACCEPT -p icmp -s $ANYWHERE -d $ME -i $EXT_IF \
    --icmp-type destination-unreachable $LOG

# Catch-all rules to provide logging
/sbin/ipchains -A input -j DENY -l
/sbin/ipchains -A output -j DENY -l
/sbin/ipchains -A forward -j DENY -l

# Enable packet forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
************************************************************

Thanks for your help
Pete