[ale] iptables firewall/nat
charrig at earthlink.net
Tue Oct 16 15:54:04 EDT 2001
I did decide to stay with the ipchains as you suggested. I got it set up to a
point that I feel that it's fairly secure, but I'm open to suggestions. I've
included my /etc/sysconfig/ipchains file. Please comment, add/remove as you
guys think might be useful/required. Thanks.
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
-A input -s 22.214.171.124 53 -d 0/0 -p udp -j ACCEPT
-A input -s 126.96.36.199 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 :1022 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 :1022 -p udp -j REJECT
-A input -s 0/0 -d 0/0 6000:6010 -p tcp -j REJECT
-A input -s 0/0 -d 0/0 6000:6010 -p udp -j REJECT
-P forward DENY
-A forward -i ppp0 -j MASQ
On Tuesday 16 October 2001 02:42 pm, you wrote:
> Stick with Ipchains as there are stateful modules such as ipconntrack_ftp
> for it that will give you everything in iptables without the confusion.
> You need to give ipchains the MASQ option in your forwarding policy.
> Calvin Harrigan wrote:
> > Did anything ever come of that discussion a few weeks ago about a basic
> > firewalling system? I would like to implement a firewall using iptables
> > and also add NAT capabilities to it. Any links, ideas, and so forth. I
> > will be implementing on RH 7.1.
> > The default high security option during the install does a pretty good
> > job, but it doesn't do NAT and it uses ipchains. I'm not sure how to add
> > nat to the ipchains implementation. Thanks for the help.
> > Calvin
> > --
> > Signature?
> > No thank you...
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should
> > be sent to listmaster at ale dot org.
No thank you...
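To see how the posted input chain treats a given packet, the following added example (not part of the original message or the thread) walks constructed packets through the rules in ipchains first-match order. The names `parse`, `packet` and `verdict`, the sample packet addresses, and the `ACCEPT` fallback policy are assumptions; the posted file sets no policy for the input chain.

```python
import ipaddress

# Input-chain rules copied from the posted /etc/sysconfig/ipchains.
RULES = """\
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
-A input -s 22.214.171.124 53 -d 0/0 -p udp -j ACCEPT
-A input -s 126.96.36.199 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 :1022 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 :1022 -p udp -j REJECT
-A input -s 0/0 -d 0/0 6000:6010 -p tcp -j REJECT
-A input -s 0/0 -d 0/0 6000:6010 -p udp -j REJECT
"""

def parse(line):
    """Turn one '-A input ...' line into a dict of match fields."""
    tok = [t for t in line.split()[2:] if t != "-y"]
    rule, i = {"syn": "-y" in line.split()}, 0  # -y: TCP with SYN set, ACK/FIN clear
    while i < len(tok):
        opt, val, i = tok[i], tok[i + 1], i + 2
        rule[opt] = val  # -i interface, -p protocol, -j target
        if opt in ("-s", "-d"):
            rule[opt] = ipaddress.ip_network("0.0.0.0/0" if val == "0/0" else val)
            if i < len(tok) and not tok[i].startswith("-"):  # optional port or lo:hi
                lo, sep, hi = tok[i].partition(":")
                rule[opt + "port"] = (int(lo or 0), int((hi if sep else lo) or 65535))
                i += 1
    return rule

def packet(iface, proto, src, sport, dport, syn=False):  # constructed sample packet
    return dict(iface=iface, proto=proto, src=ipaddress.ip_address(src), sport=sport,
                dport=dport, syn=syn, dst=ipaddress.ip_address("203.0.113.5"))

def verdict(pkt, policy="ACCEPT"):  # policy is an assumption: the file sets none for input
    """Return (rule number, target) of the first match, or (0, policy) if none match."""
    for n, r in enumerate(map(parse, RULES.splitlines()), 1):
        ok = (r.get("-i", pkt["iface"]) == pkt["iface"]
              and r.get("-p", pkt["proto"]) == pkt["proto"]
              and (pkt["syn"] or not r["syn"])
              and pkt["src"] in r["-s"] and pkt["dst"] in r["-d"]
              and all(k not in r or r[k][0] <= pkt[f] <= r[k][1]
                      for k, f in (("-sport", "sport"), ("-dport", "dport"))))
        if ok:
            return n, r["-j"]
    return 0, policy

if __name__ == "__main__":
    for args in (("ppp0", "tcp", "198.51.100.7", 40000, 22, True),
                 ("ppp0", "udp", "22.214.171.124", 53, 111)):
        print(args, "->", verdict(packet(*args)))
```

A result of `(0, policy)` means no posted rule matched, so the outcome depends entirely on the input chain's policy. The UDP rules for the two listed servers carry no destination port and sit ahead of the `:1022` REJECT, so they match on source address and source port 53 alone.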