iptables for eth0 and eth1
by dolphs from LinuxQuestions.org on (#5FGRX)
Hi,
Setting up my hardware, which has two ports (eth0 and eth1):
eth0 is for inbound traffic, eth1 for outbound.
Yet I do reach the Internet (through eth1) but do not reach local IPs (192.168.x.y).
What am I missing here? I want to use at least DNS and ping through eth1 to local addresses, but preferably all outgoing (also Internet) traffic is allowed.
# Delete all existing iptables rules
iptables -F
# Set default chain policies to DROP all
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Allow all outbound traffic eth1 - including internet
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT
# Allow incoming SSH traffic solely on eth0
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
Adding these does not seem to work:
iptables -A INPUT -i eth1 -p udp --sport 53 -j ACCEPT
iptables -A INPUT -i eth1 -p icmp --icmp-type echo-reply -j ACCEPT
Is it needed to add:
iptables -A OUTPUT -o eth1 -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A OUTPUT -o eth1 -p udp --dport 53 -j ACCEPT
If I leave out the eth1 switches it works, but all outgoing traffic should go through eth1 only.
Anyone, please?
TiA!
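An added example, not part of the post above: a small Python model of the OUTPUT and INPUT chains exactly as posted, evaluated over constructed packets. It shows that under this ruleset a DNS query or ping is accepted only if the routing table sends it out eth1; the same packet routed via eth0 or via loopback (assumed here, e.g. a local resolver on 127.0.0.1) hits the OUTPUT DROP policy, and that the explicit echo-reply/sport-53 INPUT rules are already covered by the ESTABLISHED,RELATED rule.

```python
# Simulation of the poster's iptables chains; it does not touch netfilter.
# Packet fields mirror the matches used in the post: iface, proto, sport,
# dport, state (conntrack), icmp_type.

def matches(rule, pkt):
    # A rule matches when every field it names equals the packet's value;
    # 'state' in a rule is a set (--state NEW,ESTABLISHED), a string in a packet.
    for key, want in rule.items():
        if key == "target":
            continue
        if key == "state":
            if pkt.get("state") not in want:
                return False
        elif pkt.get(key) != want:
            return False
    return True

def verdict(chain, pkt, policy="DROP"):
    """First matching rule wins; otherwise the chain policy (DROP) applies."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy

# The ruleset from the post, in the order it was appended.
INPUT = [
    {"iface": "eth1", "state": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"iface": "eth0", "proto": "tcp", "dport": 22,
     "state": {"NEW", "ESTABLISHED"}, "target": "ACCEPT"},
]
OUTPUT = [
    {"iface": "eth1", "target": "ACCEPT"},
    {"iface": "eth0", "proto": "tcp", "sport": 22,
     "state": {"ESTABLISHED"}, "target": "ACCEPT"},
]

def check_dns_path(egress):
    """(query verdict, reply verdict) for a lookup the kernel routes out 'egress'.
    The query is a NEW flow; the reply arrives on the same interface as ESTABLISHED."""
    query = {"iface": egress, "proto": "udp", "dport": 53, "state": "NEW"}
    reply = {"iface": egress, "proto": "udp", "sport": 53, "state": "ESTABLISHED"}
    return verdict(OUTPUT, query), verdict(INPUT, reply)

def check_ping_path(egress):
    """Same for ICMP echo-request / echo-reply; the reply needs no extra rule."""
    req = {"iface": egress, "proto": "icmp", "icmp_type": "echo-request", "state": "NEW"}
    rep = {"iface": egress, "proto": "icmp", "icmp_type": "echo-reply", "state": "ESTABLISHED"}
    return verdict(OUTPUT, req), verdict(INPUT, rep)

if __name__ == "__main__":
    for dev in ("eth1", "eth0", "lo"):  # 'lo' case is a constructed assumption
        print(dev, "dns:", check_dns_path(dev), "ping:", check_ping_path(dev))
```

Checking with `ip route get 192.168.x.y` which interface the kernel actually picks for a local destination tells you which of these three rows applies on the real box.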