Re: Iptables

Okay, here is my iptables rule set (attached). I am thinking
this is not really the problem though. I am also attaching
my ifconfig output. The firewall configuration functions
just fine for browsing on the second machine and checking
e-mail. Downloads, however (extended downloads over 1 meg or
so), still do not function.


You will notice that eth1 no longer has an inet address.
This was done on purpose. I did so because a few docs I
read said that pppoe needs the ethernet card to have no ip.
It always worked with an ip before, but I removed it just to
see what would happen. The result was just as expected: it
made no difference.

I made all ethernet cards (other than eth1) have an mtu of
1492. This was done purposely as well, since ppp0 is auto
set to 1492. The mssclamp is 1412; changing this to anything
else makes ppp0 not come up on network start. Should I
change the mtu of the cards to 1412 universally to match the
mss? I think this is not necessary, but I could be wrong. Please
point out any mistakes.

Thank You!

Alex

eth0      Link encap:Ethernet  HWaddr 00:0C:41:22:FC:61  
          inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:41ff:fe22:fc61/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:48274 errors:0 dropped:0 overruns:0 frame:0
          TX packets:70284 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:8649554 (8.2 Mb)  TX bytes:59719647 (56.9 Mb)
          Interrupt:10 Base address:0xf000 

eth1      Link encap:Ethernet  HWaddr 00:0C:6E:28:5B:11  
          inet6 addr: fe80::20c:6eff:fe28:5b11/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:276766 errors:0 dropped:0 overruns:0 frame:0
          TX packets:317228 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:205436250 (195.9 Mb)  TX bytes:114296180 (109.0 Mb)
          Interrupt:9 Base address:0xa000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:15573 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15573 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:6291417 (5.9 Mb)  TX bytes:6291417 (5.9 Mb)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:66.140.204.91  P-t-P:66.140.205.254  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:6722 errors:6845 dropped:0 overruns:0 frame:0
          TX packets:7723 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:2292449 (2.1 Mb)  TX bytes:3017207 (2.8 Mb)


# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o ppp0  -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 60011:60014 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 60000:60010 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8436 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
#*mangle
#-A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
#-A PREROUTING -p tcp --sport 60011:60014 -j TOS --set-tos Minimize-Delay
#-A PREROUTING -p tcp --sport 60000:60010 -j TOS --set-tos Maximize-Throughput
#-A PREROUTING -p tcp --sport 80 -j TOS --set-tos Maximize-Throughput
#-A PREROUTING -p tcp --sport 25 -j TOS --set-tos Minimize-Cost
#-A PREROUTING -p tcp --sport 22 -j TOS --set-tos Minimize-Delay
#-A PREROUTING -p tcp --sport 21 -j TOS --set-tos Maximize-Throughput
#-A PREROUTING -p tcp --sport 20 -j TOS --set-tos Maximize-Throughput
#COMMIT
*nat
-A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE
COMMIT
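A small consistency check for the MTU/MSS question raised in the post, added here as an example (it is not part of the original message or of any Fedora tooling). It assumes IPv4 TCP with no options (40 bytes of headers, so MSS = MTU - 40), the 8-byte PPPoE overhead on the carrier interface, and sample ifconfig/iptables text constructed from the values shown above.

```python
import re

# Constructed sample, cut down from the ifconfig output and ruleset in the post.
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:0C:41:22:FC:61
          UP BROADCAST RUNNING MULTICAST  MTU:1492  Metric:1
eth1      Link encap:Ethernet  HWaddr 00:0C:6E:28:5B:11
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
ppp0      Link encap:Point-to-Point Protocol
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
"""
RULESET = """\
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A FORWARD -i eth0 -o ppp0  -j ACCEPT
-A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE
"""
IP_TCP_HEADERS = 40   # 20-byte IPv4 header + 20-byte TCP header, no options
PPPOE_OVERHEAD = 8    # PPPoE (6) + PPP protocol id (2) carried on the ethernet card

def parse_mtus(text):
    """Map interface name -> MTU from ifconfig-style output."""
    mtus, iface = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+Link encap", line)
        if m:
            iface = m.group(1)
        m = re.search(r"MTU:(\d+)", line)
        if m and iface:
            mtus[iface] = int(m.group(1))
    return mtus

def max_mss(mtu):
    """Largest TCP MSS that fits in a single packet on a link with this MTU."""
    return mtu - IP_TCP_HEADERS

def check(mtus, ruleset, wan="ppp0", carrier="eth1", lan=("eth0",), pppd_mss=None):
    """Return findings about MTU/MSS consistency and whether PMTUD can work."""
    findings = []
    wan_mtu = mtus[wan]
    if mtus.get(carrier, 0) < wan_mtu + PPPOE_OVERHEAD:
        findings.append(f"{carrier} MTU must be at least {wan_mtu + PPPOE_OVERHEAD}")
    for dev in lan:   # LAN cards larger than the WAN MTU force fragmentation
        if mtus.get(dev, 0) > wan_mtu:
            findings.append(f"{dev} MTU {mtus[dev]} exceeds {wan} MTU {wan_mtu}")
    if pppd_mss is not None and pppd_mss > max_mss(wan_mtu):
        findings.append(f"pppd mss {pppd_mss} exceeds {max_mss(wan_mtu)}")
    if "TCPMSS" not in ruleset:   # only pppd clamps; no iptables fallback
        findings.append("no TCPMSS clamp rule for forwarded SYNs (pppd is the only clamp)")
    if not re.search(r"-p icmp .*-j ACCEPT", ruleset):   # needed for frag-needed replies
        findings.append("ICMP not accepted: PMTUD would break")
    return findings
```

With the post's values the only finding is the missing TCPMSS rule; an MSS of 1412 is below the 1452 that a 1492-byte MTU allows, so lowering the card MTUs to 1412 is not needed.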
