I have IP masquerading set up on my router and everything worked fine until I
tried to block ports. I added the following rules:
iptables -A INPUT -j ACCEPT -p tcp --destination-port 22 -i ppp0
iptables -A INPUT -j ACCEPT -p tcp --destination-port 80 -i ppp0
iptables -A INPUT -j DROP -p tcp -i ppp0
These rules say: drop everything coming in from ppp0 except on
ports 22 & 80. Computers on the LAN can connect out, but the firewall
cannot connect out. It seems traffic going out on the ppp0 interface is
being matched by the 2nd rule. Anyone know how to overcome this?
Many thanks for any advice!
Here is the result of iptables -L:
[root@obi rc.d]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
DROP tcp -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level warning
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
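Added example, not code from the original post and not iptables itself: a small first-match model of the INPUT chain that reproduces the behaviour described above. The packets, port numbers and the `Packet`/`Rule`/`verdict` names are constructed for illustration. It shows that the reply to a connection the router itself opened arrives on ppp0 with an ephemeral destination port, matches neither of the two ACCEPT rules, and falls through to the DROP; inserting a stateful ACCEPT for ESTABLISHED,RELATED ahead of the DROP lets those replies back in while new inbound connections on other ports are still dropped.

```python
# Constructed example (not the poster's code and not iptables itself): a tiny
# first-match model of the INPUT chain, showing why the three posted rules drop
# the replies to the firewall's own outbound connections and how a single
# ESTABLISHED,RELATED rule placed before the DROP fixes it.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str              # interface the packet arrived on (-i)
    proto: str              # "tcp", "udp", "icmp"
    dport: Optional[int]    # destination port, None for port-less protocols
    state: str              # conntrack view: "NEW", "ESTABLISHED" or "RELATED"


@dataclass(frozen=True)
class Rule:
    target: str                                 # ACCEPT or DROP
    iface: Optional[str] = None                 # -i <iface>
    proto: Optional[str] = None                 # -p <proto>
    dport: Optional[int] = None                 # --dport <port>
    states: Optional[FrozenSet[str]] = None     # -m state --state <list>

    def matches(self, pkt: Packet) -> bool:
        """Every specified match must agree; unspecified matches are wildcards."""
        if self.iface is not None and pkt.iface != self.iface:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.states is not None and pkt.state not in self.states:
            return False
        return True


def verdict(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# The three rules from the post, in the order they were appended (-A).
POSTED_INPUT = [
    Rule("ACCEPT", iface="ppp0", proto="tcp", dport=22),
    Rule("ACCEPT", iface="ppp0", proto="tcp", dport=80),
    Rule("DROP",   iface="ppp0", proto="tcp"),
]

# Same rules with a stateful accept inserted at position 1, i.e.
#   iptables -I INPUT 1 -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
FIXED_INPUT = [Rule("ACCEPT", iface="ppp0",
                    states=frozenset({"ESTABLISHED", "RELATED"}))] + POSTED_INPUT

# Constructed packets arriving on ppp0.
SSH_FROM_INTERNET  = Packet("ppp0", "tcp", 22,    "NEW")          # should be allowed
SMTP_FROM_INTERNET = Packet("ppp0", "tcp", 25,    "NEW")          # should be dropped
REPLY_TO_FIREWALL  = Packet("ppp0", "tcp", 40123, "ESTABLISHED")  # reply to a connection
                                                                  # the router itself opened


def compare(pkt: Packet) -> Tuple[str, str]:
    """Verdict under the posted chain vs. the fixed chain."""
    return verdict(POSTED_INPUT, pkt), verdict(FIXED_INPUT, pkt)


if __name__ == "__main__":
    for name, pkt in [("inbound ssh", SSH_FROM_INTERNET),
                      ("inbound smtp", SMTP_FROM_INTERNET),
                      ("reply to router's own connection", REPLY_TO_FIREWALL)]:
        posted, fixed = compare(pkt)
        print(f"{name:34s} posted={posted:6s} fixed={fixed}")
```

LAN hosts are unaffected by the posted rules because masqueraded traffic traverses FORWARD, where the listing already has a RELATED,ESTABLISHED accept; only packets addressed to the router itself go through INPUT, which is why the firewall alone lost outbound connectivity.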