Full Discussion: iptables configuration help
Special Forums IP Networking iptables configuration help Post 302489900 by jack&jill on Saturday 22nd of January 2011 10:36:47 AM
iptables configuration help

Hi,
I have currently got a system set up at home looking like the following:

Please look in the title page for the link

If not, please go to sendsspace.com/file/pqjvwg

If the image file does not work, please visit the link to download the diagram, which shows all the connections.

The database server is listening on port 7926

The webserver is listening on port 3262

Currently I have all the machines connected to the firewall and they are all able to ping each other.

The gateway is connected to the internet.

The database server and the DNS server form the intranet.

I am configuring the firewall using iptables so I can get the intranet users to access TCP packets from the web, but I don't want packets originating from the internet reaching the intranet users.
I am also configuring the firewall so I can get the web server to access the internet; presumably we would only need this if we block all the packets, e.g.:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

I would also like to block every other type of packet at the firewall, as I only want to allow TCP packets.

So far I have attempted the following on Netkit and mirrored my network:

$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT DROP

#enable ip_forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Drops everything going to port 7926.
iptables -t filter -A FORWARD -p tcp --dport 7926 -j DROP

iptables -t filter -A FORWARD -p tcp --dport 7926 --source 146.192.168.254 -j ACCEPT

iptables -t filter -A FORWARD -p tcp --dport 3262 --source 146.192.168.254 -j ACCEPT

Any help with this will be much appreciated thanks.
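
Added example (not part of the original post): iptables walks a chain from top to bottom and the first rule with a terminating target decides, so the order in which the three FORWARD rules above are appended matters. The script below runs the posted rules and a reordered copy through a simplified first-match model that looks only at source address, destination port and target; the function names and the address 203.0.113.9 are constructed for the illustration.

```shell
#!/bin/sh
# Added example: simplified first-match evaluation of FORWARD rules.
# Only -s/--source, --dport and -j are modelled; protocol, interfaces
# and connection state are ignored.

# Rules in the order the post appends them (DROP first).
posted_rules() {
cat <<'EOF'
-A FORWARD -p tcp --dport 7926 -j DROP
-A FORWARD -p tcp --dport 7926 --source 146.192.168.254 -j ACCEPT
-A FORWARD -p tcp --dport 3262 --source 146.192.168.254 -j ACCEPT
EOF
}

# The same three rules, most specific first (constructed reordering).
reordered_rules() {
cat <<'EOF'
-A FORWARD -p tcp --dport 7926 --source 146.192.168.254 -j ACCEPT
-A FORWARD -p tcp --dport 3262 --source 146.192.168.254 -j ACCEPT
-A FORWARD -p tcp --dport 7926 -j DROP
EOF
}

# first_target SRC DPORT POLICY: read rules on stdin and print the target
# of the first rule that matches, or POLICY when no rule matches.
first_target() {
    awk -v src="$1" -v port="$2" -v policy="$3" '
        $1 == "-A" && $2 == "FORWARD" {
            s = ""; d = ""; t = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s" || $i == "--source") s = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") t = $(i + 1)
            }
            if ((s == "" || s == src) && (d == "" || d == port)) {
                print t; found = 1; exit
            }
        }
        END { if (!found) print policy }'
}

# The chain policy is ACCEPT, as in the posted "-P FORWARD ACCEPT".
# 203.0.113.9 is a constructed "other host" (documentation range).
posted_rules    | first_target 146.192.168.254 7926 ACCEPT   # DROP
reordered_rules | first_target 146.192.168.254 7926 ACCEPT   # ACCEPT
reordered_rules | first_target 203.0.113.9     7926 ACCEPT   # DROP
posted_rules    | first_target 203.0.113.9     3262 ACCEPT   # ACCEPT
```

The last line shows that with a FORWARD policy of ACCEPT, the source-restricted rule for port 3262 restricts nothing: traffic from any other address falls through to the policy.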





IPTABLES-APPLY(8)                iptables 1.6.1                IPTABLES-APPLY(8)

NAME
       iptables-apply - a safer way to update iptables remotely

SYNOPSIS
       iptables-apply [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}

DESCRIPTION
       iptables-apply will try to apply a new rulesfile (as output by iptables-save, read by iptables-restore) or run a command to configure iptables and then prompt the user whether the changes are okay. If the new iptables rules cut the existing connection, the user will not be able to answer affirmatively. In this case, the script rolls back to the previous working iptables rules after the timeout expires.

       Successfully applied rules can also be written to savefile and later used to roll back to this state. This can be used to implement a store last good configuration mechanism when experimenting with an iptables setup script:

              iptables-apply -w /etc/network/iptables.up.rules -c /etc/network/iptables.up.run

       When called as ip6tables-apply, the script will use ip6tables-save/-restore and IPv6 default values instead. Default value for rulesfile is '/etc/network/iptables.up.rules'.

OPTIONS
       -t seconds, --timeout seconds
              Sets the timeout in seconds after which the script will roll back to the previous ruleset (default: 10).

       -w savefile, --write savefile
              Specify the savefile where successfully applied rules will be written to (default if empty string is given: /etc/network/iptables.up.rules).

       -c runcmd, --command runcmd
              Run command runcmd to configure iptables instead of applying a rulesfile (default: /etc/network/iptables.up.run).

       -h, --help
              Display usage information.

       -V, --version
              Display version information.

SEE ALSO
       iptables-restore(8), iptables-save(8), iptables(8).

LEGALESE
       Original iptables-apply - Copyright 2006 Martin F. Krafft <madduck@madduck.net>. Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>.

       This manual page was written by Martin F. Krafft <madduck@madduck.net> and extended by GW <gw.2010@tnode.com or http://gw.tnode.com/>. Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2.0.