LUGOD: Linux Users' Group of Davis
Page last updated:
2002 Oct 04 15:09

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

[vox-tech] iptables

Are there any iptables experts out there??? I have been
using ipchains in the past and it does not look like an
easy option with RH8.0.  I was hoping there was a tool
for this configuration, but I couldn't find it...

I tried a couple of examples on the web, but I couldn't
get anything working.  It could be that I was missing
something simple in the sample configurations because
it was 3 in the morning :-).  I don't think that my 
setup is too complicated, and I would appreciate some 
help getting this up and running.

I have eth0 on the Internet side with an external IP
address and eth1 on my internal net.  I want to NAT
the internal network and accept connections for SMTP,
SSH, and HTTP on the outside.  On the inside I want
to accept SMTP, SSH, HTTP, samba, and telnet.  I need
to have FTP on the outside, but only to a specific
range of addresses.  I would prefer to handle that in
tables, but I don't mind doing that with tcp wrappers.

I think that the only UDP packets that I need to have
to NAT are DNS queries/responses.

On the external ports that are not configured, I would
like to just drop or in some cases log access to ports
out of those ranges.

It would also be nice to reject and log connections
from localhost or from the trusted side coming from
or going to common irc ports.

I would hack at it until I got it working, but I am 
hosting a website for someone and long periods of 
downtime are not really an option on this box.

If worse comes to worse, I'll set up an HTTP proxy,
so my wife and I can browse the network while I figure
out iptables.

Joel
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
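
An added example, not part of the original post or of any reply to it: one way to write the setup described above as an iptables-restore ruleset. The internal subnet, the FTP client range and the IRC port range are assumed placeholder values because the post does not give them, and IRC is matched on destination port only.

```shell
#!/bin/sh
# Emits an iptables-restore ruleset for a two-interface NAT gateway.
# Forwarding also needs net.ipv4.ip_forward=1; FTP data channels rely on
# the ip_conntrack_ftp helper so that they match as RELATED.
EXT_IF=eth0                # Internet side (from the post)
INT_IF=eth1                # internal side (from the post)
INT_NET=192.168.1.0/24     # assumption: internal subnet
FTP_OK=192.0.2.0/24        # placeholder: range allowed to reach FTP
IRC_PORTS=6660:6669        # assumption: "common irc ports"

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $INT_NET -o $EXT_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $EXT_IF -p tcp --syn -m multiport --dports 22,25,80 -j ACCEPT
-A INPUT -i $EXT_IF -s $FTP_OK -p tcp --syn --dport 21 -j ACCEPT
-A INPUT -i $INT_IF -s $INT_NET -p tcp -m multiport --dports 22,23,25,80,139,445 -j ACCEPT
-A INPUT -i $INT_IF -s $INT_NET -p udp --dport 137:138 -j ACCEPT
-A INPUT -i $EXT_IF -m limit --limit 5/min -j LOG --log-prefix "fw-drop-in: "
-A OUTPUT -p tcp --dport $IRC_PORTS -j LOG --log-prefix "fw-irc: "
-A OUTPUT -p tcp --dport $IRC_PORTS -j REJECT --reject-with tcp-reset
-A FORWARD -i $INT_IF -p tcp --dport $IRC_PORTS -j LOG --log-prefix "fw-irc: "
-A FORWARD -i $INT_IF -p tcp --dport $IRC_PORTS -j REJECT --reject-with tcp-reset
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -p tcp -j ACCEPT
-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Print the ruleset only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "print" ]; then gen_rules; fi
```

Piping the output of `gen_rules` into `iptables-restore` commits each table in one step, so a host that is serving traffic never sits behind a half-built ruleset the way it can with a rule-by-rule script.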


