Can anyone tell me how this iptable script looks? Is it correct? Is it efficient? Is there anything in there that does not look right or should not be there? Is there anything i should add?
I am trying to setup a firewall/Ip Masq. for an internal network. The firewall needs to accept ports 1444 & 1433 form 222.222.222.20
thanks in advance'
#!/bin/sh
echo 0 > /proc/sys/net/ipv4/ip_forward
LAN_IP_NET='192.168.1.1/24'
LAN_NIC='eth1'
WAN_IP='222.22.222.22'
WAN_NIC='eth0'
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
# Start additional Rules
iptables -A INPUT -p tcp --source-port 1433 -s 222.222.222.20 -j ACCEPT
iptables -A INPUT -p tcp --source-port 1444 -s 222.222.222.20 -j ACCEPT
# End additional rules
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
I am trying to setup a firewall/Ip Masq. for an internal network. The firewall needs to accept ports 1444 & 1433 form 222.222.222.20
thanks in advance'
#!/bin/sh
echo 0 > /proc/sys/net/ipv4/ip_forward
LAN_IP_NET='192.168.1.1/24'
LAN_NIC='eth1'
WAN_IP='222.22.222.22'
WAN_NIC='eth0'
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
# Start additional Rules
iptables -A INPUT -p tcp --source-port 1433 -s 222.222.222.20 -j ACCEPT
iptables -A INPUT -p tcp --source-port 1444 -s 222.222.222.20 -j ACCEPT
# End additional rules
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -s $LAN_IP_NET -j MASQUERADE
iptables -A FORWARD -j ACCEPT -i $LAN_NIC -s $LAN_IP_NET
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward