Re: [SLE] [General] Rules for firewall?
From: Ken Schneider (suselist-e_at_rtsx.com)
Date: 09/30/04
- Previous message: Miguel Albuquerque: "[SLE] boot options"
- In reply to: Rikard Johnels: "[SLE] [General] Rules for firewall?"
To: suse-linux-e@suse.com
Date: Thu, 30 Sep 2004 07:27:08 -0400
On Thu, 2004-09-30 at 07:06, Rikard Johnels wrote:
> Hi all!
> I don't know if this is the right list, but here goes.
>
> I am fairly new to firewalling and iptables.
> I have a setup as follows:
>
> firewall: red    eth0  external interface (adsl, dhcp)
>           yellow eth1  dmz interface
>           green  eth2  internal interface
>
> On dmz is a combined server running
> web/ mysql/ ftp/ caching dns/ time/ outgoing mail and nfs server
> I only want web/ftp to be available from red
Then only put those services on red or risk someone gaining access to
the others. Put the other services on an internal box.
>
> All other services are for green (and yellow) network
>
> I have several machines on green (So I guess I want NAT there)
> One Linux server with NFS
> Three Linux ones running gnomemeeting amsn and licq
> Two Windows ones running Netmeeting, MSN, ICQ
> All machines run bittorrent, limewire and dc++
>
> I want ssh access to all boxes
except the Windows boxes unless you run cygwin
> I want to be able to run all communication services from arbitrary box.
> All internal boxes shall use time/ dns/ outgoing mail on the dmz server
>
> The firewall is to be locked down for user login only via ssh.
> Anything to be done is sudo'ne
> (note to self, find out how to lock ssh to userlogin only)
Use a -long- password using a lot of special characters such as !@#$%&
and don't share the password, also change it often.
> But I want access from red to firewall so I can "jump" to green and yellow if
> needed.
>
> I want as full access as possible from green to red
Then don't block any outbound traffic.
>
> I have read the SuSEFirewall2 docs in /usr/share/docs/packages/SuSEFirewall2
> but I can't figure it out..
> What to set, what to add/remove..
>
> Any pointers on where to start learning?
> Any pointers on how to set it up?
> --
> /Rikard
--
Ken Schneider
unix user since 1989
linux user since 1994
SuSE user since 1998 (5.2)

* PLEASE only reply to the list *

--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com
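The zone policy discussed in this thread (only web and FTP reachable from red, unrestricted outbound from green, SSH to the firewall itself), written as an iptables-restore ruleset. This is an added example, not part of the original message or of SuSEfirewall2; the DMZ server address 192.168.2.10 is an assumed placeholder, and the interface names are the ones given in the question.

```shell
#!/bin/sh
# Added example: three-zone (red/yellow/green) policy in iptables-restore format.
RED=eth0; DMZ=eth1; GREEN=eth2   # interface roles as described in the question
DMZ_SRV=192.168.2.10             # ASSUMPTION: constructed address of the DMZ server

emit_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# red has a single DHCP address, so web/ftp are port-forwarded to the DMZ box
-A PREROUTING -i $RED -p tcp -m multiport --dports 21,80 -j DNAT --to-destination $DMZ_SRV
# green and yellow leave through red behind the firewall's dynamic address
-A POSTROUTING -o $RED -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# --- traffic addressed to the firewall itself ---
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ssh is the only service the firewall offers, from any zone
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# --- traffic routed between zones ---
# replies, plus FTP data channels (these need the conntrack FTP helper loaded)
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# red -> yellow: web and ftp only; mysql, dns, ntp, smtp, nfs stay unreachable
-A FORWARD -i $RED -o $DMZ -d $DMZ_SRV -p tcp -m multiport --dports 21,80 -m conntrack --ctstate NEW -j ACCEPT
# green -> anywhere: no outbound blocking, which also covers green -> yellow services
-A FORWARD -i $GREEN -j ACCEPT
# yellow -> red: outgoing mail, dns and time lookups made by the server
-A FORWARD -i $DMZ -o $RED -j ACCEPT
# no rule opens yellow -> green: a compromised DMZ host cannot start connections inward
COMMIT
EOF
}

# Print the ruleset; pipe it to "iptables-restore --test" as root to validate it.
emit_rules
```

Nothing is loaded into the kernel by this script. The default-DROP FORWARD policy is what keeps the other services on the DMZ box out of reach from red.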