Some Network Tips

Iptables

Do you have a firewall, or any machine with some kind of exposure to the Internet? Then you might want to use iptables to filter, block or forward its connections. Let's see some examples.

Block an IP address

iptables -I INPUT -i eth0 -s IP_address -j REJECT

Basic init.d script for firewalling your network:

#!/bin/sh
case "$1" in
  start)
    echo "miscelanea"
    echo "Configuring Router"
    # enable IPv4 forwarding so the box can route between its interfaces
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # connection-tracking helpers so active FTP and IRC DCC work through NAT
    # (current kernels name them nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_irc)
    modprobe ip_conntrack_ftp
    modprobe ip_nat_ftp
    modprobe ip_conntrack_irc

    ## put here your iptables rules
    # hide the internal network behind the address of eth0
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    ## end rules
    ;;
  stop)
    echo "Removing iptables rules"
    iptables -t nat -F
    # stop routing packets again once the rules are gone
    echo 0 > /proc/sys/net/ipv4/ip_forward
    ;;
  *)
    echo "Usage: $0 {start|stop}" >&2
    exit 1
    ;;
esac

Port redirection (TCP connections arriving on eth0 port 8082 are sent to port 8080 on 12.0.0.1)

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8082 -j DNAT --to 12.0.0.1:8080
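The three iptables rules above rebuilt on a default-deny base, as an added example that is not code from the original post: IPT and SYSCTL default to echo so it only prints the rules it would apply (run it as root with IPT=iptables SYSCTL=sysctl to apply them), and it adds the FORWARD rule that the DNAT redirection needs once the FORWARD policy is DROP. Interface names, the 10.0.0.1 host and the port numbers are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's script. IPT/SYSCTL default to "echo"
# (dry run); set IPT=iptables SYSCTL=sysctl and run as root to apply for real.
IPT="${IPT:-echo}"
SYSCTL="${SYSCTL:-echo}"

# Accept only a dotted quad with every octet in 0..255; anything else is
# refused before it can reach an iptables command line.
valid_ipv4() {
    case $1 in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    n=0
    for o in $(echo "$1" | tr . ' '); do
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Rule that rejects one host on the Internet-facing interface (the page's first rule).
block_ip_rule() {  # $1 = interface, $2 = address
    valid_ipv4 "$2" || { echo "block_ip_rule: bad address '$2'" >&2; return 1; }
    echo "-I INPUT -i $1 -s $2 -j REJECT"
}

# Port redirection (the page's DNAT rule) plus the FORWARD rule it needs once the
# FORWARD policy is DROP: DNAT alone rewrites the destination but passes nothing.
dnat_rules() {  # $1 = wan interface, $2 = external port, $3 = internal host, $4 = internal port
    valid_ipv4 "$3" || return 1
    echo "-t nat -A PREROUTING -i $1 -p tcp --dport $2 -j DNAT --to-destination $3:$4"
    echo "-A FORWARD -i $1 -p tcp -d $3 --dport $4 -m conntrack --ctstate NEW -j ACCEPT"
}

firewall_start() {  # $1 = Internet-facing interface, $2 = LAN interface (hypothetical names)
    $SYSCTL -w net.ipv4.ip_forward=1
    $IPT -P INPUT DROP; $IPT -P FORWARD DROP; $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$2" -p tcp --dport 22 -j ACCEPT      # ssh from the LAN side only
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$2" -o "$1" -j ACCEPT               # LAN may start outbound flows
    $IPT -t nat -A POSTROUTING -o "$1" -j MASQUERADE       # the page's masquerade rule
}

firewall_stop() {  # empty tables, open policies, forwarding off again
    for t in filter nat; do $IPT -t "$t" -F; done
    $IPT -P INPUT ACCEPT; $IPT -P FORWARD ACCEPT
    $SYSCTL -w net.ipv4.ip_forward=0
}
```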

Firehol, the definitive firewall

Writing firewall rules by hand can drive you mad. One of the easier ways to build rules for an iptables-based firewall is firehol, which has a very simple syntax for defining them, as shown below.

root@raspi ~ # cat /etc/firehol/firehol.conf

version 5

# my own service named clan on tcp port 5223, used by the client/server lines below
server_clan_ports="tcp/5223"
client_clan_ports="default"

#dnat 10.0.0.2 proto tcp dst 192.168.56.2 dport 80

interface eth0 internet
        client "dns http https ssh clan" accept
        server "ssh clan" accept

interface wlan0 wifi
        server "dhcp ssh dns" accept
        client "dns http https ssh clan" accept

#interface eth2 wifi
#       server "ssh" accept
#       client "dns http https ssh" accept

router wifi2internet inface wlan0 outface eth0
        masquerade
        route "dns http https clan" accept

#router lan2internet inface eth2 outface eth0
#       masquerade
#       route "dns http https" accept

#router internet2dmz inface eth0 outface wlan0
#       route "http" accept