Can anyone help me make my firewall more secure?



Hi all,

I have now set up my server as an internet gateway/firewall.

I need your help and your suggestions on making it more secure,
because I know my INPUT/OUTPUT chains are open.
How can I make it more secure?


Thank you very much
Pratchaya



My Network Diagram.
===============


ADSL Router <===> [ eth1 ::: My Server ::: eth0 ] <===> Local network (192.168.0.xx)


==========================================================================================================

My Command line
===============


service iptables stop
# NAT: masquerade LAN traffic out of the ADSL side, send LAN HTTP through Squid
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Routed traffic: default deny, allow replies and a fixed set of LAN-to-internet ports
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -p tcp -m multiport --dports 53,80,110,143,443,993,995,3128 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -p udp -m multiport --dports 53,110,143,993,995,1863 -j ACCEPT
service iptables save


==========================================================================================================

My Iptable List
===============


[root@firewall ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  192.168.0.0/24       anywhere             multiport dports domain,http,pop3,imap,https,imaps,pop3s,squid
ACCEPT     udp  --  192.168.0.0/24       anywhere             multiport dports domain,pop3,imap,imaps,pop3s,1863

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@firewall ~]#

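A hardened rule set for the layout in the post, added here as an example (it is not the poster's script and not part of the original thread). It keeps the post's NAT and FORWARD rules, closes INPUT and OUTPUT by default, and shows the one trap a transparent proxy adds: the REDIRECT to 3128 delivers the LAN's HTTP to the gateway itself, so that port has to be opened in INPUT from the LAN or every client's web access dies the moment INPUT goes to DROP. It assumes eth1 is the ADSL/WAN side, eth0 the 192.168.0.0/24 LAN, SSH from the LAN is the only admin path, and that the gateway may run a resolver for the LAN (the udp/53 INPUT rule; drop it if not). It also drops two items from the post's FORWARD list that do nothing useful: the UDP mail ports (POP3/IMAP are TCP) and forwarded 3128 (Squid is local, not on the internet). Set IPT=echo or run with dry-run to print the rules without root.

```shell
#!/bin/sh
# Added example (not the poster's script): default-deny INPUT/OUTPUT for the
# gateway in the post. Assumed layout: eth1 = ADSL/WAN, eth0 = LAN
# 192.168.0.0/24, Squid on 3128, SSH administration from the LAN only.
# Usage: sh fw.sh apply   (as root)      sh fw.sh dry-run   (print rules only)
IPT="${IPT:-iptables}"
WAN="${WAN:-eth1}"
LAN="${LAN:-eth0}"
LAN_NET="${LAN_NET:-192.168.0.0/24}"

fw_flush() {
    $IPT -F
    $IPT -t nat -F
    $IPT -X
}

fw_nat() {
    # Same NAT as the post: masquerade out the WAN, transparent-proxy LAN HTTP.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
    $IPT -t nat -A PREROUTING -i "$LAN" -s "$LAN_NET" -p tcp --dport 80 -j REDIRECT --to-port 3128
}

fw_input() {
    $IPT -P INPUT DROP
    $IPT -A INPUT -i lo -j ACCEPT
    # Anti-spoofing: our own LAN prefix must never arrive on the WAN side.
    $IPT -A INPUT -i "$WAN" -s "$LAN_NET" -j DROP
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP
    # Services offered to the LAN only. 3128 is needed because the REDIRECT in
    # fw_nat delivers proxied HTTP to this host, and that traffic hits INPUT.
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 3128 -j ACCEPT
    # Rate-limited ping keeps path diagnostics working without a flood vector.
    $IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
    # Log a sample of what the policy drops; the chain policy does the drop.
    $IPT -A INPUT -m limit --limit 3/min -j LOG --log-prefix "INPUT-DROP: "
}

fw_output() {
    # The gateway itself only needs DNS, web (Squid upstream, updates), NTP,
    # ICMP and replies to established flows; nothing else may originate here.
    $IPT -P OUTPUT DROP
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A OUTPUT -p udp -m multiport --dports 53,123 -j ACCEPT
    $IPT -A OUTPUT -p tcp -m multiport --dports 53,80,443 -j ACCEPT
    $IPT -A OUTPUT -p icmp -j ACCEPT
}

fw_forward() {
    # The post's FORWARD policy, with the anti-spoof check added and the
    # UDP mail ports and forwarded 3128 removed (see lead-in).
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p tcp -m multiport --dports 53,80,110,143,443,993,995 -j ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -p udp -m multiport --dports 53,1863 -j ACCEPT
}

fw_apply() {
    fw_flush
    fw_nat
    fw_input
    fw_output
    fw_forward
}

# Print the rules instead of loading them (no root needed).
fw_dry_run() { ( IPT=echo; fw_apply ); }

case "${1:-}" in
    apply)   fw_apply && service iptables save ;;
    dry-run) fw_dry_run ;;
esac
```

Two things to check after loading it: `iptables -L -n -v` (plain `iptables -L`, as in the post, hides the interface and packet counters, so you cannot see whether the `-i`/`-o` restrictions are in effect), and whether eth1 gets its address by DHCP from the ADSL router, in which case udp/68 inbound on eth1 and udp/67 outbound need their own rules because DHCP broadcasts do not match the ESTABLISHED rule. Apply it from the console, not over SSH, the first time.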


