DMZ for logging
I hope to find experienced iptables users here who can tell me if this
idea is something I could setup with iptables.
I'd like to get a real good idea of what is coming at me from the
internet. Is there a technique where all incoming connections are
copied to a separate server that uses iptables to sort categorize and
log incoming traffic, but then drops it. At least the portion that is
at all suspect in any way.
After a while I would start to know what is just taking up log space
for no good reason and what is actually something likely to be
malicious in intent.
I want a first hand look at what comes down the pipe.
- RE: A question about a basic security setup...
... A question about a basic security setup... ... > I was thinking of running iptables on the dual homed host, ... What you are looking for here, is an "application proxy" type firewall. ...
- Re: DMZ for logging
... weak understanding of what happens at firewalls, ... idea is something I could setup with iptables. ... get in using whatever kinds of packets. ... So in general you are running/maintaining your own iptables setup right? ...
- Re: Security....
... >The Portsentry setup is to block those people who are going to attack ... >port on which you have a service listening. ... Setup iptables with the following ... The second one opens up the return path for connections established by ...
- DNAT packets not getting to FORWARD chain
... Anyway, its a simple setup (the smoothwalls, fyi are a red hat flavour ... kernel 2.4.26, iptables v1.2.8) ... The chain policy count is zero, as are the counts for all rules in the ... packets supposedly been readdressed to 192.168.1.40 (an address I can ping ...
- Re: IPTABLES - Allow Internal HOST with Public IP through Firewall
... I have setup and Ubuntu 8.04 Server running ... It is running DHCP, NAT, DNS, Squid ... I have been told that ebox can not configure this for me and I have no ... idea what I'm doing in IPTABLES. ...