LinuxMCE Forums

General => Users => Topic started by: rwilson131 on January 19, 2008, 10:00:11 pm

Title: Adding Firewall Rules it 710 Beta3 amd64
Post by: rwilson131 on January 19, 2008, 10:00:11 pm
I am trying to add a firewall rule to forward ports to 8081 as described in http://wiki.linuxmce.org/index.php/Installing_Dansguardian

I do not think the firewall rules are being updated as the page states.

here is the output of iptables -L before and after adding a new rule
Code: [Select]
dcerouter_24050:/etc/dansguardian# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere            MARK match 0x1
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     0    --  192.168.80.0/24      anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:iax
ACCEPT     udp  --  anywhere             anywhere            udp dpt:sip
ACCEPT     udp  --  anywhere             anywhere            udp dpt:2000
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:sieve
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9001
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9030
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If I manually tell Firefox to use port 8081 at 192.168.80.1 then it correctly blocks unwanted sites. 

Is any one else seeing this and if so is there a simple way to get these to update.  I even did a router reload and although the firewall page has the new rule listed, it is not listed on the iptables -L output.

Thanks,
Rob
Title: Re: Adding Firewall Rules it 710 Beta3 amd64
Post by: uplink on January 21, 2008, 04:49:24 pm
Use this command:

iptables -t nat -xvnL

to see NAT related firewall entries.
Title: Re: Adding Firewall Rules it 710 Beta3 amd64
Post by: rwilson131 on January 22, 2008, 02:09:36 am
Here is the output requested, so it is getting loaded.

Code: [Select]
dcerouter_24050:~# iptables -t nat -xvnL
Chain PREROUTING (policy ACCEPT 40 packets, 2886 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:192.168.80.1:8081

Chain POSTROUTING (policy ACCEPT 6 packets, 480 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 MASQUERADE  0    --  *      eth0    192.168.80.0/24     !192.168.80.0/24

Chain OUTPUT (policy ACCEPT 6 packets, 480 bytes)
    pkts      bytes target     prot opt in     out     source               destination

My question is now, why did this same rule forward all outgoing browser requests to port 8081 in 704 and now it does not? 

Is there another way to handle outgoing connections.

I would like to figure this one out. 

right now the work around is to manually tell all browsers to us proxy 192.168.80.1:8081

Thanks,
Rob