[SLE] [General] Rules for firewall?

From: Rikard Johnels (rikjoh_at_norweb.se)
Date: 09/30/04

    To: suse-linux-e@suse.com
    Date: Thu, 30 Sep 2004 13:06:02 +0200


    Hi all!
    I don't know if this is the right list, but here goes.

    I am fairly new to firewalling and iptables.
    I have a setup as follows:

    firewall: red eth0 external interface (adsl, dhcp)
      yellow eth1 dmz interface
      green eth2 internal interface

    On dmz is a combined server running
    web/ mysql/ ftp/ caching dns/ time/ outgoing mail and nfs server
    I only want web/ftp to be available from red

    All other services are for the green (and yellow) network.

    I have several machines on green (so I guess I want NAT there):
    One Linux server with NFS
    Three Linux ones running gnomemeeting, amsn and licq
    Two Windows ones running NetMeeting, MSN, ICQ
    All machines run bittorrent, limewire and dc++

    I want ssh access to all boxes.
    I want to be able to run all communication services from an arbitrary box.
    All internal boxes shall use time/ dns/ outgoing mail on the DMZ server.

    The firewall is to be locked down for user login only via ssh.
    Anything to be done is sudo'ne
    (note to self, find out how to lock ssh to user login only)
    But I want access from red to the firewall so I can "jump" to green and yellow if
    needed.

    I want as full access as possible from green to red

    I have read the SuSEFirewall2 docs in /usr/share/docs/packages/SuSEFirewall2
    but I can't figure it out.
    What to set, what to add/remove.

    Any pointers on where to start learning?
    Any pointers on how to set it up?

    -- 
             /Rikard
    ------------------------------------------------------------------------------------
    Rikard Johnels          email   : rikjoh@norweb.se
                            Web     : http://www.rikjoh.com
                            Mob     : +46 735 05 51 01
    ------------------------ Public PGP fingerprint ----------------------------
    < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78  46 1C EE 56 >
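
    One way to express the policy described in the post as a SuSEFirewall2 configuration (an added example, not Rikard's or SUSE's own config). The interface roles come from the post; the private address ranges, the DMZ server address and the zone-wide ssh-only rule for the firewall host are assumptions:

```shell
## /etc/sysconfig/SuSEfirewall2 fragment for the red/yellow/green setup above.
## Added example. Assumed addressing (not given in the post):
##   yellow (DMZ)  eth1 = 192.168.1.0/24, combined server = 192.168.1.10
##   green (int)   eth2 = 192.168.2.0/24
##   red (ext)     eth0 = dynamic ADSL address

# Interface-to-zone assignment
FW_DEV_EXT="eth0"
FW_DEV_DMZ="eth1"
FW_DEV_INT="eth2"

# Route between zones and hide the private nets behind the ADSL address (NAT).
# Both green and the DMZ server need NAT to reach red (dns, outgoing mail).
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="192.168.2.0/24 192.168.1.0/24"

# The firewall host itself accepts only ssh, from every zone
# (FW_PROTECT_FROM_INT=yes stops green from being trusted by default).
FW_PROTECT_FROM_INT="yes"
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_DMZ_TCP="ssh"
FW_SERVICES_INT_TCP="ssh"

# green may reach every service on the DMZ net (time, dns, mail, nfs, ...).
# Format: "source_net,dest_net[,protocol[,port]]"
FW_FORWARD="192.168.2.0/24,192.168.1.0/24"

# Only web and ftp on the DMZ server are published to red (DNAT from eth0).
# Format: "source_net,dest_ip,protocol,port"
FW_FORWARD_MASQ="0/0,192.168.1.10,tcp,80 0/0,192.168.1.10,tcp,21"

# ftp through NAT needs the connection-tracking helpers for the data channel
FW_LOAD_MODULES="ip_conntrack_ftp ip_nat_ftp"

# Log dropped packets on the critical ports so probes against red are visible
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
```

    Everything not listed is dropped, so the green-side chat and peer-to-peer clients only get outbound connections through the NAT; inbound ports for them would need further FW_FORWARD_MASQ entries. Apply with `rcSuSEfirewall2 restart` and check the result with `iptables -L -n -v` before trusting it from red.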
