198
edits
Changes
→NAT configuration
== NAT configuration ==
The firewall and NAT is configured with a iptables script:
<pre>
cat /root/iptables.sh
</pre>
<pre>
#!/bin/bash
echo "Setting iptables rules"
iptables -F
iptables -t nat -F
# Add loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow DNS
iptables -A INPUT -i em1 -p tcp --dport 2049 -j ACCEPT
iptables -A INPUT -i em1 -p udp --dport 2049 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -i em1 -p udp --dport 111 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i em1 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i em1 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i p11p1 -s 192.168.1.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o em1 -j MASQUERADE
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Drop whatever else may come to input
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
</pre>
== DHCP configuration ==