Firewall FORWARD Linux HELP
I have a big problem: I am building a firewall, but I cannot FORWARD the traffic from the inner network to the outer network (GW). I have installed Red Hat 8.0 in a stripped-down version, the one Red Hat recommends at install time when you want to build a firewall.
There are two network cards in my Linux machine.
ifconfig looks like this:
eth0 Link encap:Ethernet HWaddr 00:50:BF:E0:A3:8D
inet addr:192.168.3.7 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:236 errors:0 dropped:0 overruns:0 frame:0
TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:27461 (26.8 Kb) TX bytes:8300 (8.1 Kb)
Interrupt:10 Base address:0x1000
eth1 Link encap:Ethernet HWaddr 00:B0:02:00:25:E3
inet addr:192.168.3.10 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3536 errors:0 dropped:0 overruns:0 frame:0
TX packets:2341 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:269841 (263.5 Kb) TX bytes:278862 (272.3 Kb)
Interrupt:9 Base address:0x5000
eth1:0 Link encap:Ethernet HWaddr 00:B0:02:00:25:E3
inet addr:192.168.3.5 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x5000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:20 errors:0 dropped:0 overruns:0 frame:0
TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1568 (1.5 Kb) TX bytes:1568 (1.5 Kb)
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.3.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.3.7 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.3.10 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.3.1 0.0.0.0 UG 0 0 0 eth1
lsmod
Module Size Used by Not tainted
ipt_LOG 4184 0 (autoclean)
ip_nat_ftp 4240 0 (unused)
ip_conntrack_irc 3520 0 (unused)
ipt_REJECT 3736 0 (unused)
ipt_state 1048 0 (autoclean)
iptable_mangle 2776 0 (autoclean) (unused)
iptable_nat 19960 1 (autoclean) [ip_nat_ftp]
ip_conntrack_ftp 5088 0 (unused)
ip_conntrack 21244 4 [ip_nat_ftp ip_conntrack_irc ipt_state iptable_nat ip_conntrack_ftp]
autofs 13348 0 (autoclean) (unused)
8139too 17704 1
mii 2156 0 [8139too]
tulip 43552 1
iptable_filter 2412 0 (autoclean)
ip_tables 14936 8 [ipt_LOG ipt_REJECT ipt_state iptable_mangle iptable_nat iptable_filter]
mousedev 5524 0 (unused)
keybdev 2976 0 (unused)
hid 22244 0 (unused)
input 5888 0 [mousedev keybdev hid]
usb-uhci 26188 0 (unused)
usbcore 77024 1 [hid usb-uhci]
ext3 70368 4
jbd 52212 4 [ext3]
IPTABLES SCRIPT
#!/bin/bash
IPTABLES=/sbin/iptables
EXTIF="eth0"
INTIF="eth1"
echo " Eksternt Interface: $EXTIF"
echo " Internt Interface: $INTIF"
echo -en " Moduler loades: "
# ******************* Start of module check **********
echo " - Er alle moduler ok?????"
/sbin/depmod -a
echo -en "ip_tables, "
/sbin/insmod ip_tables
echo -en "ip_conntrack, "
/sbin/insmod ip_conntrack
echo -en "ip_conntrack_ftp, "
/sbin/insmod ip_conntrack_ftp
echo -en "ip_conntrack_irc, "
/sbin/insmod ip_conntrack_irc
echo -en "iptable_nat, "
/sbin/insmod iptable_nat
echo -en "ip_nat_ftp, "
/sbin/insmod ip_nat_ftp
# ******************* End of module check **************
echo ". Done with modules."
echo " enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
echo -e "\n !!!!Done!!!! \n"
The only thing I cannot figure out is why the traffic is not being forwarded. I have looked at iptraf and nothing at all happens.
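An added sanity check, not part of the original post, that applies two conditions a masquerading box needs to the interface addresses and `route -n` output shown above: the external and internal NICs must sit on separate subnets, and the default route must leave via EXTIF. The route text is a constructed copy of the rows posted above, and the interface names are taken from the posted script.

```shell
#!/bin/sh
# Sanity check for a two-NIC masquerading box (added example, not the poster's code).
# Addresses and the 'route -n' text are passed as arguments so the check can be
# run offline against captured output; on a live box feed it the real values.

EXTIF="eth0"   # names taken from the posted script
INTIF="eth1"

# Constructed copy of the 'route -n' output shown above (only the relevant rows).
ROUTE_OUTPUT='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.3.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.3.1 0.0.0.0 UG 0 0 0 eth1'

# Interface used by the default route (Destination 0.0.0.0); empty if there is none.
default_route_iface() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" { print $NF; exit }'
}

# Network address of <addr> <netmask>, e.g. 192.168.3.7 255.255.255.0 -> 192.168.3.0
network_of() {
    old_ifs=$IFS
    IFS=.
    set -- $1 $2            # $1..$4 address octets, $5..$8 mask octets
    IFS=$old_ifs
    printf '%d.%d.%d.%d\n' $(($1 & $5)) $(($2 & $6)) $(($3 & $7)) $(($4 & $8))
}

# check_layout EXT_ADDR EXT_MASK INT_ADDR INT_MASK ROUTE_TEXT
# Returns 0 when the layout can forward, 1 otherwise; the reasons go to stdout.
check_layout() {
    rc=0
    ext_net=$(network_of "$1" "$2")
    int_net=$(network_of "$3" "$4")
    gw_if=$(default_route_iface "$5")
    if [ "$ext_net" = "$int_net" ]; then
        echo "PROBLEM: $EXTIF and $INTIF are both on $ext_net; the inner LAN needs its own subnet"
        rc=1
    fi
    if [ "$gw_if" != "$EXTIF" ]; then
        echo "PROBLEM: default route leaves via '$gw_if', not $EXTIF, so '-o $EXTIF' rules never match"
        rc=1
    fi
    return $rc
}

# Run against the values posted above: both problems are reported.
if check_layout 192.168.3.7 255.255.255.0 192.168.3.10 255.255.255.0 "$ROUTE_OUTPUT"; then
    echo "layout ok"
else
    echo "layout needs fixing before FORWARD/MASQUERADE can work"
fi
```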