iptables forwarding: ignorance isn't always bliss


Postby n_hologram » 2017-08-27 02:18

I recently tinkered with an old laptop and got a hostapd hotspot running. I'd like to replace my current router since it's a bit old and figure this could be a cheaper option. However, I want to make sure I understand the Frankenstein-monster I've set up before it's put to any serious use. My only concern lay with two iptables commands that were used to finally get internet on the connected clients. They originated from this Super User post:
Code:
Forwarding enabled in iptables:
iptables -P FORWARD ACCEPT
iptables -F FORWARD

I've researched how iptables forwarding works, and it seems like this would be desirable as I intend for this to function as a NAT. But I wanted to present this question because there is a wealth of knowledge on this forum, and I could be missing something of which I'm simply not aware.

Tl;dr, I'd like to know if these two commands are advisable for the firewall of a dedicated router. If not, what are some recommendations?
bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
n_hologram
 
Posts: 204
Joined: 2013-06-16 00:10

Re: iptables forwarding: ignorance isn't always bliss

Postby dilberts_left_nut » 2017-08-27 05:04

Those two commands just set the default policy for the FORWARD chain to ACCEPT and then clear any other rules in it.
Unless you want to apply any specific restrictions (or logging), that will work fine.

I have some rules in my FORWARD chain to count traffic for internal machines, so I can see who's using all that data...
AdrianTM wrote:There's no hacker in my grandma...
dilberts_left_nut
 
Posts: 4641
Joined: 2009-10-05 07:54
Location: enzed

Re: iptables forwarding: ignorance isn't always bliss

Postby n_hologram » 2017-08-29 15:44

Thank you for clarifying -- just wanted to make sure. Would you be willing to share the iptables commands that let you monitor your traffic? That sounds ideal.
n_hologram
 
Posts: 204
Joined: 2013-06-16 00:10
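
Added example, not posted by anyone in this thread: a sketch of a FORWARD chain that defaults to DROP instead of ACCEPT and counts traffic per internal machine, the two things discussed above. The interface names (wlan0, eth0), the client addresses and the ACCT chain name are assumptions; the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print (do not run) iptables commands for a small NAT router.
# Interface names and client addresses below are assumptions, not from the thread.

# gen_forward_rules LAN_IF WAN_IF CLIENT_IP...
# Writes the commands to stdout so they can be reviewed before being run as root.
gen_forward_rules() {
    [ "$#" -ge 2 ] || { echo "usage: gen_forward_rules LAN_IF WAN_IF [CLIENT_IP...]" >&2; return 2; }
    lan=$1 wan=$2
    shift 2

    # Reject anything that is not digits and dots before it reaches a command line.
    for ip in "$@"; do
        case $ip in
            ''|*[!0-9.]*) echo "bad client address: $ip" >&2; return 1 ;;
        esac
    done

    # Default-deny instead of the blanket ACCEPT policy, then start from an empty chain.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"

    # Accounting chain: create it if missing, empty it if it already exists.
    echo "iptables -N ACCT 2>/dev/null || iptables -F ACCT"
    # Every forwarded packet passes through ACCT first, then falls through to the rules below.
    echo "iptables -A FORWARD -j ACCT"

    # Replies to connections the LAN opened, and new connections from LAN to WAN only.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $lan -o $wan -j ACCEPT"

    # Rules without -j decide nothing; they only increment packet/byte counters.
    for ip in "$@"; do
        echo "iptables -A ACCT -s $ip -o $wan"   # upload from this client
        echo "iptables -A ACCT -d $ip -i $wan"   # download to this client
    done
}

# Constructed sample: hostapd on wlan0, uplink on eth0, two clients.
gen_forward_rules wlan0 eth0 192.168.10.20 192.168.10.21
# Read the counters later with: iptables -L ACCT -v -n -x
```

With the DROP policy, unsolicited connections arriving on the uplink are not forwarded into the LAN, while the per-client rules in ACCT show who is using the data.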

