Anyone on here use arno-iptables-firewall?
I've been running it for a while, since they put it in as part of Debian, and managing it with debconf, but suddenly I need to add an extra subnet to it, and I'm not sure what I'm doing.
Currently
---------
1 external IP (eth0) and 1 internal IP (eth1)
eth0 is fed its IP via DHCP from my ISP
eth1 is a private range on the (10.0.0.1) net and is NAT'd to the outside world; it supplies IPs to the house via DHCP
eth1 also has SAMBA, IMAP, NFS and various other services only available on my private network
I need to add a second private IP range, and have it NAT'd but have no access to the other internal network services.
I have added a new card, identified it as eth5, and assigned it 172.16.0.1.
Rather than go through every service running on the host and disabling it from eth5, I'd rather just set up a restrictive iptables that only allows a host on the 172.16.0.0 network to be NAT'd but does not allow it to access any services running on the host (or access any of the devices on the other network).
Suggestions?
h.
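
One way to express the isolation asked for above as plain iptables rules, added here as an example and not part of the original post or of arno-iptables-firewall's own configuration. The interface names and addresses come from the post; the /24 mask, the chain names GUEST_IN and GUEST_FWD, and the function name guest_rules are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and the
# 172.16.0.x addressing are from the post; the /24 mask is an assumption.
EXT_IF=eth0                # ISP-facing interface
GUEST_IF=eth5              # new, isolated interface
GUEST_NET=172.16.0.0/24    # assumed mask

# Print the rules rather than applying them, so they can be reviewed first.
# Default-deny: eth1 and 10.0.0.x never need to be named, because anything
# from or to the guest interface that is not guest<->Internet is dropped.
guest_rules() {
    cat <<EOF
# Host services: guests only get replies to connections the host opened.
# (If this host must hand out DHCP or DNS on $GUEST_IF, add explicit
# ACCEPT rules for just those ports above the DROP.)
iptables -N GUEST_IN
iptables -A GUEST_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A GUEST_IN -j DROP
iptables -I INPUT 1 -i $GUEST_IF -j GUEST_IN
# Routed traffic: guest -> Internet and its replies only.
iptables -N GUEST_FWD
iptables -A GUEST_FWD -i $GUEST_IF ! -s $GUEST_NET -j DROP
iptables -A GUEST_FWD -i $GUEST_IF -o $EXT_IF -j ACCEPT
iptables -A GUEST_FWD -i $EXT_IF -o $GUEST_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A GUEST_FWD -j DROP
iptables -I FORWARD 1 -i $GUEST_IF -j GUEST_FWD
iptables -I FORWARD 2 -o $GUEST_IF -j GUEST_FWD
# NAT the guest range out of the external interface.
iptables -t nat -A POSTROUTING -s $GUEST_NET -o $EXT_IF -j MASQUERADE
EOF
}

guest_rules
```

The script only prints the commands; after review they can be piped to `sh` as root. How to load them alongside arno-iptables-firewall's generated ruleset is not covered here.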