Re: outgoing 10.x.x.x packets being logged
From: H. S. (g_reate_xcalibur_at_yahoo.com)
Date: 05/19/04
- Next message: George Patton: "Re: need help re. office network install"
- Previous message: Matt: "Re: Problem with my DSL modem connection."
- In reply to: jack: "Re: outgoing 10.x.x.x packets being logged"
- Next in thread: jack: "Re: outgoing 10.x.x.x packets being logged"
- Reply: jack: "Re: outgoing 10.x.x.x packets being logged"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 18 May 2004 23:47:39 -0400
Apparently, _jack_, on 05/18/04 17:42, typed:
> It would be helpful to either tell us about the rules You have, or,
> even better, give a brief summary of what You think they are.
Okay, as I had promised earlier, here is my firewall:
The firewall does not use my ppp0 IP address. It knows ppp0 as external
interface and eth1 as internal interface with INTIP="192.168.0.2". My
internal lan is INTNET="192.168.0.0/24".
I check and load iptables related modules (using modprobe):
ip_tables
ip_conntrack
ip_conntrack_ftp
ip_conntrack_irc
iptable_nat
ip_nat_ftp
Then I disable ECN and enable IP forwarding, ip_dynaddr and tcp_syncookies.
Then I set all chains to DROP, delete and reset all chains. Then I make
some new chains mainly to log bad activity.
And then start my rulesets.
INPUT:
All traffic to lo is freely allowed.
All traffic coming on eth1 coming anywhere from internal IPs, going
anywhere (Universe) is allowed.
All traffic coming to ppp0 destined towards internal IP range is dropped
(such packets have no business over there, they should never be there in
the first place).
And data from Universe, coming into ppp0, which is related/established,
is allowed.
I accept icmp of types 0,3,11 and 8 only, and drop all others.
And I have allowed ssh from a specific range of IP's from my university.
On port 22.
All packets which make it till here are dropped silently.
OUTPUT:
lo traffic is unrestricted.
All traffic going to eth1 (internal nic) destined to internal lan IP
range is allowed.
All traffic going to eth1 from internal IP range to internal IP range is
allowed.
All traffic going to ppp0 (external NIC) coming from anywhere but
destined to internal IP range is dropped.
All related/established traffic going to external NIC, eth0, is allowed.
All traffic going to ppp0 towards the IP ranges I have previously
allowed for ssh is allowed.
All the rest of the outbound traffic is dropped.
FORWARD:
All related/established traffic is forwarded.
All the rest is dropped.
Masquerading and NAT is enabled.
So that is my firewall, in words. Hopefully, this will be helpful in
tracking down my weird packets' origin.
->HS
-- (Please remove all underscores from my email address to get the correct one. Apologies for the inconvenience, but this is to reduce spam.)
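The firewall HS describes in words above, rendered as iptables commands (an added example for the thread, not HS's own script). Interfaces, networks, ICMP types and module names are taken from the post; the SSHNET value, the LOGDROP chain and the last OUTPUT rule (which goes beyond the post by logging egress to every RFC 1918 range, 10.0.0.0/8 included, under its own prefix) are assumptions.

```shell
#!/bin/sh
# Added example: HS's firewall as described in the post, as iptables rules.
# Assumed: SSHNET placeholder, the LOGDROP chain, the RFC 1918 egress rule.
EXT=ppp0; INT=eth1; INTNET=192.168.0.0/24
SSHNET="${SSHNET:-203.0.113.0/24}"   # placeholder for the university range

# Print commands unless invoked as "sh fw.sh --apply" (as root).
[ "${1:-}" = "--apply" ] && DRYRUN= || DRYRUN=1
run() { if [ -n "$DRYRUN" ]; then echo "$*"; else "$@"; fi; }

setup() {
    for m in ip_tables ip_conntrack ip_conntrack_ftp ip_conntrack_irc iptable_nat ip_nat_ftp; do
        run modprobe "$m"
    done
    for s in net.ipv4.tcp_ecn=0 net.ipv4.ip_forward=1 net.ipv4.ip_dynaddr=1 net.ipv4.tcp_syncookies=1; do
        run sysctl -w "$s"
    done
    run iptables -F; run iptables -X; run iptables -t nat -F
    for c in INPUT OUTPUT FORWARD; do run iptables -P "$c" DROP; done
    run iptables -N LOGDROP                       # assumed "log bad activity" chain
    run iptables -A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
    run iptables -A LOGDROP -j DROP
}
input_rules() {
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -i "$INT" -s "$INTNET" -j ACCEPT
    run iptables -A INPUT -i "$EXT" -d "$INTNET" -j DROP          # never legitimate on ppp0
    run iptables -A INPUT -i "$EXT" -m state --state ESTABLISHED,RELATED -j ACCEPT
    for t in 0 3 11 8; do run iptables -A INPUT -p icmp --icmp-type "$t" -j ACCEPT; done
    run iptables -A INPUT -i "$EXT" -p tcp -s "$SSHNET" --dport 22 -j ACCEPT
}
output_rules() {
    run iptables -A OUTPUT -o lo -j ACCEPT
    run iptables -A OUTPUT -o "$INT" -d "$INTNET" -j ACCEPT
    run iptables -A OUTPUT -o "$EXT" -d "$INTNET" -j DROP
    run iptables -A OUTPUT -o "$EXT" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A OUTPUT -o "$EXT" -p tcp -d "$SSHNET" --dport 22 -j ACCEPT
    # Assumed addition: the post's rule matches only 192.168.0.0/24, so log
    # every RFC 1918 range explicitly; egress to 10.x.x.x then shows the prefix.
    for n in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        run iptables -A OUTPUT -o "$EXT" -d "$n" -j LOGDROP
    done
}
forward_rules() {
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -o "$EXT" -j MASQUERADE
}
setup; input_rules; output_rules; forward_rules
```

In dry-run mode the script only prints the rules, so the full rule set can be reviewed before applying it.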