linux-users-group-of-davis
Page last updated:
2002 Oct 04 15:09

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

[vox-tech] iptables

Are there any iptables experts out there??? I have been
using ipchains in the past and it does not look like an
easy option with RH8.0.  I was hoping there was a tool
for this configuration, but I couldn't find it...

I tried a couple of examples on the web, but I couldn't
get anything working.  It could be that I was missing
something simple in the sample configurations because
it was 3 in the morning :-).  I don't think that my 
setup is too complicated, and I would appreciate some 
help getting this up and running.

I have eth0 on the Internet side with an external IP
address and eth1 on my internal net.  I want to NAT
the internal network and accept connections for SMTP,
SSH, and HTTP on the outside.  On the inside I want
to accept SMTP, SSH, HTTP, samba, and telnet.  I need
to have FTP on the outside, but only to a specific
range of addresses.  I would prefer to handle that in
tables, but I don't mind doing that with tcp wrappers.

I think that the only UDP packets that I need to have
to NAT are DNS queries/responses.

On the external ports that are not configured, I would
like to just drop or in some cases log access to ports
out of those ranges.

It would also be nice to reject and log connections
from localhost or from the trusted side coming from
or going to common irc ports.

I would hack at it until I got it working, but I am 
hosting a website for someone and long periods of 
downtime are not really an option on this box.

If worse comes to worse, I'll set up an HTTP proxy,
so my wife and I can browse the network while I figure
out iptables.
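
A ruleset covering the requirements listed in the post, added here as an example and not part of the original message. The internal network, the permitted FTP client range and the IRC port list are assumed values, and the IRC rules match destination ports only.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for the setup in the post.
# Assumed values (not in the post): LAN, FTP_OK and the IRC port list.
EXT=eth0; INT=eth1          # interfaces as named in the post
LAN=192.168.1.0/24          # assumed internal network
FTP_OK=192.0.2.0/24         # placeholder for the permitted FTP client range
IRC=6660:6669,7000          # assumed "common IRC ports"

gen_rules() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $LAN -o $EXT -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outside: SMTP, SSH, HTTP from anywhere; FTP control only from FTP_OK
-A INPUT -i $EXT -p tcp -m multiport --dports 22,25,80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i $EXT -p tcp -s $FTP_OK --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# Inside: SSH, telnet, SMTP, HTTP and samba
-A INPUT -i $INT -s $LAN -p tcp -m multiport --dports 22,23,25,80,139,445 -j ACCEPT
-A INPUT -i $INT -s $LAN -p udp -m multiport --dports 137,138 -j ACCEPT
# Anything else from outside: rate-limited log, then the DROP policy applies
-A INPUT -i $EXT -m limit --limit 6/min -j LOG --log-prefix "fw-drop: "
# IRC from this host or from the LAN: log and reject
-A OUTPUT -p tcp -m multiport --dports $IRC -j LOG --log-prefix "fw-irc: "
-A OUTPUT -p tcp -m multiport --dports $IRC -j REJECT --reject-with tcp-reset
-A FORWARD -i $INT -p tcp -m multiport --dports $IRC -j LOG --log-prefix "fw-irc: "
-A FORWARD -i $INT -p tcp -m multiport --dports $IRC -j REJECT --reject-with tcp-reset
# Forwarded LAN traffic: replies, all TCP, and UDP for DNS only
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT -o $EXT -s $LAN -p tcp -j ACCEPT
-A FORWARD -i $INT -o $EXT -s $LAN -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}
```

On a production box, parse the output first with `gen_rules | iptables-restore --test` and load it from the console rather than over SSH. FTP data connections additionally depend on the conntrack FTP helper, which this ruleset does not configure.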
