IPTABLES Allow LAN to WAN
iptables is a command-line utility for configuring the Linux kernel firewall implemented within the Netfilter project.
We configure iptables on a Linux server to allow the network 5.5.5.0/24 to reach the Internet.
Here is our script:
#!/bin/sh
# Interface facing the Internet and interface facing the LAN
WAN="eth1"
LAN="eth2"
# ----- Enable Route ----- #
# Turn on IPv4 forwarding so the box can route between LAN and WAN
echo 1 > /proc/sys/net/ipv4/ip_forward
# ----- Default to drop packets ----- #
# Flush every table and delete user-defined chains, then set all
# built-in chains to DROP so only explicitly allowed traffic passes
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# ----- Allow all local loopback traffic ----- #
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# ----- Allow LAN SSH TO FIREWALL PORT 22 ----- #
# Inbound SSH from the LAN side only, plus the matching replies
iptables -A INPUT -i $LAN -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o $LAN -p tcp --sport 22 -j ACCEPT
# ----- Allow LAN Ping TO FIREWALL ----- #
iptables -A INPUT -i $LAN -p icmp -j ACCEPT
iptables -A OUTPUT -o $LAN -p icmp -j ACCEPT
# ----- Allow LAN access Internet ----- #
# Only replies to connections the LAN opened may come back in
iptables -A FORWARD -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
# ----- NAT and MASQUERADE ----- #
# Forward anything arriving on the LAN interface out to the WAN
# (add -s 5.5.5.0/24 to limit this to the stated subnet only)
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
# Rewrite the source address of outgoing packets to the WAN address
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
# ----- EOF ----- #
Check the client IP configuration and test connectivity to the Internet.
Finished.
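As an added example (not part of the original post), here is a small POSIX shell audit that reads an iptables-save dump and checks that it really implements the policy above: FORWARD defaults to DROP, nothing is forwarded from WAN to LAN except reply traffic, the LAN-to-WAN rule is limited to 5.5.5.0/24, and MASQUERADE is applied on the WAN interface. The interface names, the subnet and the sample dump are constructed assumptions taken from the script, not from a real host.

```shell
#!/bin/sh
# Audit an iptables-save dump against the LAN->WAN-only policy.
# Assumed values matching the post's script (not from a live host).
WAN="eth1"
LAN="eth2"
LAN_NET="5.5.5.0/24"

# Constructed sample of `iptables-save` output for a correct ruleset.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 5.5.5.0/24 -i eth2 -o eth1 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

# audit_dump: read a dump on stdin, print one line per finding,
# return 0 when the policy holds and 1 otherwise.
audit_dump() {
    dump=$(cat)
    rc=0
    # 1. FORWARD chain must default to DROP.
    printf '%s\n' "$dump" | grep -q '^:FORWARD DROP' \
        || { echo "FAIL: FORWARD policy is not DROP"; rc=1; }
    # 2. No FORWARD rule may accept traffic entering on WAN unless it
    #    is a stateful reply rule (heuristic: mentions ESTABLISHED).
    printf '%s\n' "$dump" | grep '^-A FORWARD' | grep -- "-i $WAN" \
        | grep -v ESTABLISHED | grep -q . \
        && { echo "FAIL: unsolicited WAN->LAN forwarding allowed"; rc=1; }
    # 3. The LAN->WAN rule must be limited to the LAN subnet.
    printf '%s\n' "$dump" | grep '^-A FORWARD' | grep -- "-i $LAN -o $WAN" \
        | grep -q -- "-s $LAN_NET" \
        || { echo "FAIL: LAN->WAN rule not restricted to $LAN_NET"; rc=1; }
    # 4. MASQUERADE must be applied on the WAN interface.
    printf '%s\n' "$dump" | grep -q -- "^-A POSTROUTING -o $WAN -j MASQUERADE" \
        || { echo "FAIL: no MASQUERADE on $WAN"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: ruleset matches policy"
    return "$rc"
}

# Run on the constructed sample; on a live host use: iptables-save | audit_dump
printf '%s\n' "$SAMPLE_DUMP" | audit_dump
```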
#LINUX #IPTABLES #vannakk