Some Network Tips

Iptables

Do you have a firewall or some computer with any kind of exposure to the Internet? Then you might want to use iptables for filtering, blocking or forwarding your connections. Let's see some examples.

Block an IP address (the rule is inserted at the top of the INPUT chain so it takes effect before any earlier accept rule)

iptables -I INPUT -i eth0 -s IP_address -j REJECT

Basic init.d script for firewalling your network:

#!/bin/sh
# Minimal init.d-style firewall script: "start" enables forwarding and
# loads the rules, "stop" flushes them again.
case "$1" in
    start)
        echo "Configuring Router"
        # enable IPv4 forwarding so this host acts as a router
        echo 1 > /proc/sys/net/ipv4/ip_forward
        # connection-tracking helpers for FTP and IRC (legacy module names;
        # newer kernels call them nf_conntrack_ftp, nf_nat_ftp, nf_conntrack_irc)
        modprobe ip_conntrack_ftp
        modprobe ip_nat_ftp
        modprobe ip_conntrack_irc

        ## put here your iptables rules
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

        ## end rules
        ;;
    stop)
        echo "Removing iptables rules"
        iptables -t nat -F
        ;;
    *)
        echo "Usage: $0 {start|stop}" >&2
        exit 1
        ;;
esac

Port redirection (DNAT): TCP connections arriving on eth0 port 8082 are rewritten to go to 12.0.0.1 port 8080. On a router, remember that the FORWARD chain must also accept the rewritten traffic, otherwise the DNAT rule alone does nothing useful.

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8082 -j DNAT --to 12.0.0.1:8080

Firehol, the definitive firewall

Writing firewall rules by hand can drive you mad; one of the easier ways to create rules for an iptables-based firewall is firehol. Its syntax for defining rules is very simple, as shown below.

# cat /etc/firehol/firehol.conf

version 5

# custom service named "clan" (tcp/5223), usable in the rules below
server_clan_ports="tcp/5223"
client_clan_ports="default"

#dnat 10.0.0.2 proto tcp dst 192.168.56.2 dport 80

interface eth0 internet
        client "dns http https ssh clan" accept
        server "ssh clan" accept

interface wlan0 wifi
        server "dhcp ssh dns" accept
        client "dns http https ssh clan" accept

#interface eth2 wifi
#        server "ssh" accept
#        client "dns http https ssh" accept

router wifi2internet inface wlan0 outface eth0
        masquerade
        route "dns http https clan" accept

#router lan2internet inface eth2 outface eth0
#        masquerade
#        route "dns http https" accept

#router internet2dmz inface eth0 outface wlan0
#        route "http" accept
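As an added example (my own helper, not from this page or the firehol project), the script below parses a firehol.conf like the one above and lists, per interface, the services the host itself accepts as a server, expanding custom server_NAME_ports definitions to their port spec. The embedded config is a constructed copy of the one shown; the function name firehol_exposed is assumed. It is a quick way to review what the internet-facing interface actually exposes.

```shell
#!/bin/sh
# Constructed sample mirroring the firehol.conf above (not the author's file).
SAMPLE_CONF=$(cat <<'EOF'
version 5
server_clan_ports="tcp/5223"
client_clan_ports="default"
interface eth0 internet
	client "dns http https ssh clan" accept
	server "ssh clan" accept
interface wlan0 wifi
    server "dhcp ssh dns" accept
    client "dns http https ssh clan" accept
#interface eth2 wifi
#       server "ssh" accept
router wifi2internet inface wlan0 outface eth0
	masquerade
	route "dns http https clan" accept
EOF
)

# Print "<iface> <service>[=<ports>]" for each service an interface accepts
# as a server, i.e. what the host itself listens for on that interface.
# Custom services (server_NAME_ports="...") are expanded to their port spec.
firehol_exposed() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }                        # skip comments
        /^server_[A-Za-z0-9]+_ports=/ {                  # custom service definition
            split($0, kv, "\""); name = kv[1]            # kv[2] is the quoted port spec
            sub(/^server_/, "", name); sub(/_ports=$/, "", name)
            ports[name] = kv[2]; next
        }
        /^[[:space:]]*interface[[:space:]]/ { iface = $2; next }  # interface <dev> <name>
        /^[[:space:]]*router[[:space:]]/    { iface = ""; next }  # routers forward, they do not listen
        /^[[:space:]]*server[[:space:]]/ && iface != "" && $NF == "accept" {
            split($0, part, "\""); n = split(part[2], svc, " ")   # part[2] = quoted service list
            for (i = 1; i <= n; i++) {
                out = svc[i]
                if (svc[i] in ports) out = out "=" ports[svc[i]]
                print iface, out
            }
        }
    '
}

firehol_exposed "$SAMPLE_CONF"
```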