Hi,
i have currently got a system setup at home looking like the following:
Please look in the title page for the link
if not please go to sendsspace.com/file/pqjvwg
If the image file does not work please visit the the link to download the diagram which shows all the connections.
The database server is listening on port 7926
The webserver is listening on port 3262
Currently i have all the machines connected to the firewall and they are all able to ping each other
the gateway is connected to the internet
the database server and the dns server form the intranet
i am configuring the firewall using iptables so i can get the intranet users to access TCP packets from the web but i dont want packets originating from the internet reaching the intranet users
i am also configuring the firewall so i can get the web server to access the internet (presumably we would only need this if we block all the packets e.g.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
I would also like to block every other type of packet at the firewall, as i only want to allow TCP packets
so far i have attepmted the following on netkit and mirrored my network
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT DROP
#enable ip_forwarding
echo 1 > /proc/sys/net/ipv4/ip_forwarding
iptables -t filter -A FORWARD -p tcp --dport 7926 -j DROP - Drops everthing going to port 7926.
iptables -t filter -A FORWARD -p tcp --dport 7926 --source 146.192.168.254 -j ACCEPT
iptables -t filter -A FORWARD -p tcp --dport 3262 --source 146.192.168.254 -j ACCEPT
Any help with this will be much appreciated thanks.
01-22-2011
