Login or Register to Ask a Question and Join Our Community


Red Hat

running customised firewall -RHEL 4

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Linux Red Hat running customised firewall -RHEL 4
# 1  
Old 06-12-2008
running customised firewall -RHEL 4
I have created a custom firewall script in RHEL 4 .Let me explain the steps which i followed .


etho -Internal lan
eth1 -External lan


During the installtion of RHEL 4 ,i enabled Firewall and after booting to x windows i selected enable firewall and defined the defined and customised ports .

When my client systems tried to access the internet ,they could'nt access ,but when i ran the custom firewall script(fw) they could access .

Now the problem is that when i run the command

iptables -L ----- It processes the fw as well as the ports defined in the gui firewall

even the command service iptables status --- throws the same result.

How do i make ,linux run my customised firewall ,since it seems to run the inbilt iptables script.

The problemm is that i have defined some customised ports ,but when i try to access the ports which are not defined ,it accepts the connection .

Even the PREROUTING iptables command does not run,since i need to access a webserver on private lan configured on port 8080.

Can anybody help

Sud



**************************************************************************************************** **********************

#! /bin/sh
#
#
# Desc: FireWall Script for a Linux-Based Gateway System.
# This script considers the Host to be Gateway-With-FireWall,
# It takes a restrictive approach, thus allowing only the
# required ports & connections to pass thru.
#

#
# --- DECLARE ALLOWED PORTS --- #
#
# Allow Set-A:
TCP_ALLOW_A="20,21,22,80,81,110"
UDP_ALLOW_A="20,21,22,80,81,110"
#
#
# --- DECLARE VARIABLES ---
#
# Internal Interface/Internal LAN Adapter:
INTR=eth0
#
# External Interface/External (Public/Static-IP) Adapter:
EXTR=eth1
#
# Gateway/Firewall's Internal (LAN) IP:
IN_IP="192.168.3.111"
#
# Gateway/Firewall's External (Public/Static) IP:
OUT_IP="222.x.y.z"

#
# ISP's Gateway:
ISP_GT="222.x.y7.z"

#
# DNS/Nameserver-A:
DNS_A="205.x.y.z"

#
# DNS/Nameserver-A:
DNS_B="205.x.y1.z1"

#
# Trusted Host:
TRST_HOST="192.168.3.0/24"
#

TRST_EXT_HOST="222.x1.y1.z2"



#
# --- POLICY SETUP ---
#
# Flush Existing/Stale Rules (if any):
/sbin/iptables -F
/sbin/iptables -t filter -F
/sbin/iptables -t mangle -F
/sbin/iptables -t nat -F
modprobe ip_tables
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
#

service iptables stop
service iptables start
#



# Setup Restrictive Policy:
/sbin/iptables --policy INPUT DROP
/sbin/iptables --policy OUTPUT DROP
/sbin/iptables --policy FORWARD DROP
#


# -- Anti IP-Spoofing --*-
for f in /proc/sys/net/ipv4/conf/*/rp_filter;do
/bin/echo "1" > $f
done
#


# -- SYN-Flood Protection:
sysctl -w net.ipv4.tcp_syncookies=1
#

# -- IP-Forward Enable:
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# -----*-----

# Allow local/loopback device traffic:
/sbin/iptables -A OUTPUT -s localhost -d localhost -j ACCEPT
/sbin/iptables -A INPUT -s localhost -d localhost -j ACCEPT
#

# Allow Ping/ICMP Packets:
/sbin/iptables -A INPUT -j ACCEPT
/sbin/iptables -A OUTPUT -j ACCEPT
#

#
# --- FireWall Rules ---
#
# INPUT Chain:-
# Accept SSH Connections from Trusted Host:
/sbin/iptables -t filter -A INPUT -i $INTR -s $TRST_HOST -p tcp --dport 22 -j ACCEPT
/sbin/iptables -t filter -A INPUT -i $INTR -s $TRST_HOST -p udp --dport 22 -j ACCEPT
#
/sbin/iptables -t filter -A OUTPUT -o $INTR -d $TRST_HOST -p tcp --sport 22 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -o $INTR -d $TRST_HOST -p udp --sport 22 -j ACCEPT

/sbin/iptables -t filter -A INPUT -i $EXTR -s $TRST_EXT_HOST -p tcp --dport 22 -j ACCEPT
/sbin/iptables -t filter -A INPUT -i $EXTR -s $TRST_EXT_HOST -p udp --dport 22 -j ACCEPT
#
/sbin/iptables -t filter -A OUTPUT -o $INTR -d $TRST_EXT_HOST -p tcp --sport 22 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -o $INTR -d $TRST_EXT_HOST -p udp --sport 22 -j ACCEPT
#

# Forward DNS Requests:


#not done yet

#
# FORWARD Chain:-


# Allow Connections from Valid (Allowed) Ports:


/sbin/iptables -t filter -A FORWARD -s 192.168.1.0/24 -p tcp -m state --state NEW -m multiport --dports $TCP_ALLOW_A -j ACCEPT

/sbin/iptables -t filter -A FORWARD -s 192.168.1.0/24 -p udp -m state --state NEW -m multiport --dports $UDP_ALLOW_A -j ACCEPT


# ---- -----------------------------------
# NOTE: DO NOT ADD/REMOVE ANYTHING AFTER THIS LINE:
# ---- -----------------------------------
#
# --- MASQUERADE All-CONNECTIONS ---
#
/sbin/iptables -t nat -A POSTROUTING -o $EXTR -j MASQUERADE
#
# --- --- --- END --- --- --- #
**************************************************************************************************** ************************
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Red Hat

RHEL 6, Spacewalk 2.3 unable to download RHEL 5 repo data

Hello all, I am having a bit of an issue on my Spacewalk installation. Some amplifying information is that it is Spacewalk 2.3 installed on a RHEL 6 machine and I am attempting to install/update a RHEL 5 channel/repository. I am fairly new to Spacewalk so I am still learning but this is what I... (3 Replies)
Discussion started by: jstone4646
3 Replies

2. Red Hat

I/O Error While Running SAS 9.2 on RHEL 6.2

Hi All, I am running SAS 9.2 on Red Hat Enterprise Linux 6.2 x86_64. At different stages in different programs I get the error below, which prevents my programs from running successfully: ERROR: Error closing file. File =. System Error Code = 5. I have almost no experience with Linux... (0 Replies)
Discussion started by: bgg
0 Replies

3. Red Hat

Error throwing while installing vsftpd package in rhel 6. using rhel 6 dvd.

Hi all, Im studying rhcsa as of now, so yum installation and dependencies are messing me to not workit out. i have dual os, win 7 & rhel 6. i have tried this installation of vsftpd package with rhel 6 dvd in VM rhel 6 in win 7 as well as host rhel 6.still the same issue. below error... (6 Replies)
Discussion started by: redhatlbug
6 Replies

4. Red Hat

Need help with Iptable/Firewall on RHEL.

Hi Gurus, I am facing an issue with firewalls on one of my Linux Box. Issue : Port 8001 looks open to me and there is a weblogic process running on it netstat -alnp | grep 8001 tcp 0 0 ::ffff:3.20.247.165:8001 :::* LISTEN 28768/java lsof -ni... (5 Replies)
Discussion started by: rama krishna
5 Replies

5. Red Hat

Does RHEL 5 provide a command to collect RHEL system log in single compress file?

Hi, I heard a command that can collect all RHEL 5 log in a single compress file before I forget. Does any body know...What the command is ? Thanks. (4 Replies)
Discussion started by: nnnnnnine
4 Replies

6. Shell Programming and Scripting

customised error message..

Hi, Below is the script that takes some value from the properties file and then move the file from files folder to output folder based upon the modification time of files(configurable N days value),now at the end I want to show a customised message that if no files are moved then it shows the... (1 Reply)
Discussion started by: rahul125
1 Replies

7. Red Hat

How to check the running snmp version in Rhel?

Hi, Please help me to understand how to check which snmp vesion(1, 2, 3) is configured on my rhel5 server. Regards, Aravind :) (2 Replies)
Discussion started by: arumon
2 Replies

8. Red Hat

Customised Output

I want some customised output of following command: $ls -a|sort gives output as filenames line by line. But I want the output as filenames aeperated by tab? How can I get this? Thanks in advance. (7 Replies)
Discussion started by: ashok.g
7 Replies

9. UNIX for Dummies Questions & Answers

customised filename

Hi, I am taking an output and redirecting it to a file name and this is a hourly or daily process , in this case, i want my file output as some logoutput_date_time.txt how can i form the file name like this for eg i am running this command now, so tail -f... (1 Reply)
Discussion started by: vasikaran
1 Replies

10. UNIX for Dummies Questions & Answers

customised functions...

I am going to build some commands/functions for common tasks that I have to perform (things like searching a filesystem for a certain string in a file). I intend to write these as unix scripts. Then adding the location of these to my path. How can I ensure that the variables specified when... (7 Replies)
Discussion started by: peter.herlihy
7 Replies
Login or Register to Ask a Question