[vox-tech] iptables

Joel Baumert vox-tech@lists.lugod.org
Fri, 4 Oct 2002 09:07:13 -0700


Are there any iptables experts out there??? I have been
using ipchains in the past and it does not look like an
easy option with RH8.0.  I was hoping there was a tool
for this configuration, but I couldn't find it...

I tried a couple of examples on the web, but I couldn't
get anything working.  It could be that I was missing
something simple in the sample configurations because
it was 3 in the morning :-).  I don't think that my
setup is too complicated, and I would appreciate some
help getting this up and running.

I have eth0 on the Internet side with an external IP
address and eth1 on my internal net.  I want to NAT
the internal network and accept connections for SMTP,
SSH, and HTTP on the outside.  On the inside I want
to accept SMTP, SSH, HTTP, samba, and telnet.  I need
to have FTP on the outside, but only to a specific
range of addresses.  I would prefer to handle that in
tables, but I don't mind doing that with tcp wrappers.

I think that the only UDP packets that I need to have
to NAT are DNS queries/responses.

On the external ports that are not configured, I would
like to just drop or in some cases log access to ports
out of those ranges.

It would also be nice to reject and log connections
from localhost or from the trusted side coming from
or going to common irc ports.

I would hack at it until I got it working, but I am
hosting a website for someone and long periods of
downtime are not really an option on this box.

If worst comes to worst, I'll set up an HTTP proxy,
so my wife and I can browse the network while I figure
out iptables.

Joel
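
A ruleset that implements the setup described in the post above (added here as an example; it is not Joel's configuration and was not part of the original message). It assumes things the post does not state: the internal subnet is 192.168.1.0/24, the outside range allowed to reach FTP is 203.0.113.0/24 (a documentation range standing in for the real one, and read as a range of source addresses), and "common IRC ports" means 6660-6669 and 7000. It sticks to the matches and targets available in the 2.4-kernel iptables of that era (state, limit, LOG, REJECT, MASQUERADE) and runs in a dry-run mode that only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post: iptables rules for a box with
# eth0 on the Internet and eth1 on a NATed internal network.
# Assumptions (none of these values appear in the post): INT_NET,
# FTP_ALLOWED (203.0.113.0/24 is a documentation range), IRC_PORTS.
#
# Usage: sh fw.sh           # dry run: print the commands
#        APPLY=1 sh fw.sh   # load the rules for real (run as root)

EXT_IF=eth0                 # Internet side
INT_IF=eth1                 # internal network
INT_NET=192.168.1.0/24      # assumed internal subnet
FTP_ALLOWED=203.0.113.0/24  # assumed source range allowed to reach FTP from outside
IRC_PORTS="6660:6669 7000"  # assumed list of common IRC ports

# Every privileged command goes through run(): printed unless APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        echo "$*"
    fi
}
ipt() { run iptables "$@"; }

build_firewall() {
    # Kernel side: enable forwarding and load FTP connection tracking so the
    # FTP data connection is seen as RELATED, both for the local server and
    # for masqueraded clients on the inside.
    run sysctl -w net.ipv4.ip_forward=1
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp

    # Clean slate; default-deny everything inbound and forwarded.
    ipt -F
    ipt -X
    ipt -t nat -F
    ipt -t nat -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    ipt -A INPUT -i lo -j ACCEPT

    # Anti-spoofing: internal addresses never legitimately arrive on eth0.
    ipt -A INPUT -i "$EXT_IF" -s "$INT_NET" -j DROP
    ipt -A FORWARD -i "$EXT_IF" -s "$INT_NET" -j DROP

    # IRC from the box itself or from the trusted side: log, then reject.
    # Placed before the state rule so both directions of port use are caught.
    ipt -N IRCBLOCK
    ipt -A IRCBLOCK -m limit --limit 10/minute -j LOG --log-prefix "IRC-BLOCK: "
    ipt -A IRCBLOCK -p tcp -j REJECT --reject-with tcp-reset
    for p in $IRC_PORTS; do
        for dir in --dport --sport; do
            ipt -A OUTPUT -p tcp "$dir" "$p" -j IRCBLOCK
            ipt -A INPUT -i "$INT_IF" -p tcp "$dir" "$p" -j IRCBLOCK
            ipt -A FORWARD -i "$INT_IF" -p tcp "$dir" "$p" -j IRCBLOCK
        done
    done

    # Replies to connections that were already allowed (this also admits the
    # RELATED FTP data connections and NATed DNS responses).
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Exposed to the Internet: SMTP, SSH, HTTP; FTP only from the allowed range.
    for p in 25 22 80; do
        ipt -A INPUT -i "$EXT_IF" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    ipt -A INPUT -i "$EXT_IF" -p tcp --dport 21 -s "$FTP_ALLOWED" -m state --state NEW -j ACCEPT

    # Internal side: SMTP, SSH, HTTP, telnet, Samba (139/445 tcp, 137/138 udp).
    for p in 25 22 80 23 139 445; do
        ipt -A INPUT -i "$INT_IF" -s "$INT_NET" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in 137 138; do
        ipt -A INPUT -i "$INT_IF" -s "$INT_NET" -p udp --dport "$p" -j ACCEPT
    done
    ipt -A INPUT -i "$INT_IF" -s "$INT_NET" -p icmp -j ACCEPT

    # NAT for the internal network: TCP and ICMP out; UDP only for DNS queries.
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$INT_NET" -j MASQUERADE
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -p tcp -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -p udp --dport 53 -j ACCEPT
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$INT_NET" -p icmp -j ACCEPT

    # Anything else from outside falls through to the DROP policy; log new TCP
    # connection attempts first, rate-limited so a port scan cannot flood syslog.
    ipt -A INPUT -i "$EXT_IF" -p tcp --syn -m limit --limit 5/minute -j LOG --log-prefix "EXT-DROP: "
}

build_firewall
```

Run it once without APPLY to read the generated commands before loading anything on the production box. On a machine you reach over SSH, a lockout guard such as `(sleep 300 && iptables -P INPUT ACCEPT && iptables -F INPUT) &` started before `APPLY=1` gives you a way back in if a rule is wrong; kill it once the session survives. The dry-run output drops the quotes around the log prefixes, which is cosmetic; the real invocation passes them intact.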