Jæja ég ætla að gera aðra tilraun. Ég er að keyra þennan eldvegg og allt virkar fínt nema eitt, ég get ekki komist á ftp af client vélum bara á servernum. Getur einhver sagt mér hvað ég er að gera vitlaust. Nennið þið að sleppa því að segja mér hvað ég er vitlaus, heldur segja mér bara hvað er vandamálið :p

#!/bin/sh

IPTABLES=/sbin/iptables
$IPTABLES -P FORWARD DROP

STATICIP=xxx.xxx.xxx.xxx
LOCALNET=192.168.0.1
NETMASK=255.255.255.0
IRCSERVER=194.105.224.50

IFACE=ppp0
DNS=193.4.194.5

$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -X

$IPTABLES -A FORWARD -p tcp -s $LOCALNET/$NETMASK -j ACCEPT
$IPTABLES -A FORWARD -p tcp -d $LOCALNET/$NETMASK -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -s $LOCALNET/$NETMASK -j ACCEPT

$IPTABLES -A FORWARD -p udp -s $LOCALNET/$NETMASK -j ACCEPT
$IPTABLES -A FORWARD -p udp -d $LOCALNET/$NETMASK -j ACCEPT
$IPTABLES -A OUTPUT -p udp -s $LOCALNET/$NETMASK -j ACCEPT

/bin/echo “0” > /proc/sys/net/ipv4/conf/all/accept_source_route
/bin/echo “0” > /proc/sys/net/ipv4/conf/$IFACE/accept_source_route

/bin/echo “0” > /proc/sys/net/ipv4/conf/all/accept_redirects
/bin/echo “0” > /proc/sys/net/ipv4/conf/$IFACE/accept_redirects

/bin/echo “1” > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

/bin/echo “1” > /proc/sys/net/ipv4/conf/all/log_martians
/bin/echo “1” > /proc/sys/net/ipv4/conf/$IFACE/log_martians

$IPTABLES -t nat -A POSTROUTING -o $IFACE -j SNAT –to $STATICIP


$IPTABLES -A FORWARD -p tcp -s 127.0.0.1/255.0.0.0 –destination-port 22 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -s 127.0.0.1/255.0.0.0 –destination-port 21 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -s 127.0.0.1/255.0.0.0 –destination-port 80 -j ACCEPT
$IPTABLES -A FORWARD -p udp -s 127.0.0.1/255.0.0.0 –destination-port 53 -j ACCEPT
$IPTABLES -A FORWARD -p tcp -s 127.0.0.1/255.0.0.0 –destination-port 6660:6669 -j ACCEPT

$IPTABLES -A INPUT -p tcp -d $STATICIP –destination-port 22 -j ACCEPT

$IPTABLES -A INPUT -p tcp -d $STATICIP –destination-port 80:443 -j ACCEPT

$IPTABLES -A INPUT -p tcp -d $STATICIP –destination-port 21 -j ACCEPT

$IPTABLES -A INPUT -p tcp -d $STATICIP –destination-port 113 -j ACCEPT

$IPTABLES -A INPUT -i $IFACE -p tcp ! –syn -m state –state NEW -j DROP

$IPTABLES -A INPUT -i $IFACE -f -j LOG –log-prefix “IPTABLES FRAGMENTS: ”
$IPTABLES -A INPUT -i $IFACE -f -j DROP

$IPTABLES -A INPUT -d $STATICIP -p tcp -m state –state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -d $STATICIP -p udp -m state –state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state –state NEW -i ! $IFACE -j ACCEPT

$IPTABLES -N LOGDROP
$IPTABLES -A LOGDROP -j LOG –log-prefix logdrop –log-level info
$IPTABLES -A LOGDROP -j DROP
$IPTABLES -A INPUT -p tcp -i $IFACE -j LOGDROP
$IPTABLES -A INPUT -p udp -i $IFACE -j LOGDROP

$IPTABLES -A FORWARD -i $IFACE -j DROP

echo “1” > /proc/sys/net/ipv4/ip_forward<br><br><a href="http://nemendur.ru.is/bjorn01">::Björninn::</a