[plug] gateway problem
Leon Brooks
leon at brooks.fdns.net
Sun Dec 23 13:44:47 WST 2001
On Sunday 23 December 2001 12:18, Rob Dunne wrote:
> Thanks Leon,
> on the gateway
>
> [root at lycra robd]# /sbin/ipchains -xvnL
> Chain input (policy ACCEPT: 7193760 packets, 425913125 bytes):
> Chain forward (policy ACCEPT: 37 packets, 3080 bytes):
> Chain output (policy ACCEPT: 13144311 packets, 18695381854 bytes):
>
> which looks OK
But not OK enough. Do this (and add it to /etc/rc.d/rc.local if you want it
to be permanent):

# if running any Windows boxen, a drop of paranoia is good
# (the ipchains target for a silent drop is DENY; DROP is the iptables name)
ipchains -A forward -p tcp -s 0/0 137:139 -d 0/0 -j DENY
ipchains -A forward -p udp -s 0/0 137:139 -d 0/0 -j DENY
ipchains -A forward -p tcp -s 0/0 -d 0/0 137:139 -j DENY
ipchains -A forward -p udp -s 0/0 -d 0/0 137:139 -j DENY
# in any case, masquerade forwarded packets
ipchains -A forward -s 192.168.X.0/24 -d ! 192.168.X.0/24 -j MASQ

(Replace X with the appropriate number for your LAN's network).
Cheers; Leon
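
Added example, not part of the original message: a shell check that reads an `ipchains -xvnL` listing and reports whether the forward chain holds a MASQ rule, which is what the empty listing quoted above lacks. The function name, the rule-line layout and the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an `ipchains -xvnL` listing for a MASQ rule in "forward".
# Assumption: below each "Chain ..." header, every non-blank line except a
# column heading starting with "pkts" is one rule whose target is its own field.

audit_listing() {
    awk '
        /^Chain / {
            chain = $2; policy = $4
            sub(/[):]+$/, "", policy)      # "ACCEPT:" or "ACCEPT):" -> "ACCEPT"
            order[++n] = chain; pol[chain] = policy; rules[chain] = 0
            next
        }
        chain == "" || NF == 0 || $1 == "pkts" { next }
        {
            rules[chain]++
            for (i = 1; i <= NF; i++) if ($i == "MASQ") masq[chain] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                printf "%s policy=%s rules=%d\n", order[i], pol[order[i]], rules[order[i]]
            if (!("forward" in pol))  { print "FAIL: no forward chain listed"; exit 2 }
            if (!("forward" in masq)) { print "FAIL: forward chain has no MASQ rule"; exit 1 }
            print "OK: forward chain has a MASQ rule"
        }
    '
}

# The listing quoted in the message: three empty chains, policy ACCEPT.
BEFORE='Chain input (policy ACCEPT: 7193760 packets, 425913125 bytes):
Chain forward (policy ACCEPT: 37 packets, 3080 bytes):
Chain output (policy ACCEPT: 13144311 packets, 18695381854 bytes):'

# Constructed sample (simplified columns, X = 1, only the MASQ rule shown).
AFTER='Chain input (policy ACCEPT: 0 packets, 0 bytes):
Chain forward (policy ACCEPT: 0 packets, 0 bytes):
    0     0 MASQ  all  192.168.1.0/24  !192.168.1.0/24  n/a
Chain output (policy ACCEPT: 0 packets, 0 bytes):'

printf '%s\n' "$BEFORE" | audit_listing || true   # ends with the FAIL line
printf '%s\n' "$AFTER"  | audit_listing || true   # ends with the OK line
```

On the gateway itself the live listing can be piped in the same way: `/sbin/ipchains -xvnL | audit_listing`.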