Firewall help

Dan Ritter dsr-mzpnVDyJpH4k7aNtvndDlA at public.gmane.org
Wed Mar 11 12:28:47 EDT 2009


On Wed, Mar 11, 2009 at 09:13:00AM -0700, Jared Carlson wrote:
> Afternoon,
> 
> I was asked to help configure a Red Hat box to allow certain IPs to get past the firewall.  Anyone have experience with that?  We think the firewall is causing a slow connection and we have some remote users trying to SVN some large files and having some serious issues.
> 
> Any help is great - thanks!

The all-purpose tutorial is here:

http://www.netfilter.org/

You'll want to start by dumping the existing firewall
configuration to see what it's doing:

iptables -L		#general rules
iptables -L -t nat	#nat rules

The three main rule chains are INPUT, FORWARD, and OUTPUT. On a
firewall, FORWARD is the most important. Each of these starts
with a default policy, which is usually ACCEPT or DENY. On a
firewall, you'll typically see DENY as the default policy on at
least INPUT and FORWARD.

After that, you make rules that go in a particular chain, that
start with a specification of what to act on
  incoming NIC
  outgoing NIC
  source IP and/or port
  destination IP and/or port
  whether this opens a connection or is part of an existing
  connection
  and several other possibilities
and then tells what to do with packets that match the
specification: ACCEPT them, DROP them, LOG them, or jump to
another chain.

Does that help?

-dsr-

-- 
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.

You can't defend freedom by getting rid of it.
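An added example (not part of Dan's reply) of how the chain / match / target structure he describes turns into a small ruleset that lets named addresses open connections to an SVN server while everything else is logged and dropped. The addresses (documentation range), the interface and the svnserve port are assumed; IPT defaults to a dry run that only prints the commands, set IPT=iptables and run as root to apply them.

```shell
#!/bin/sh
# Minimal netfilter ruleset showing chain, match specification and target.
# IPT defaults to a dry run that prints each command instead of running it.
IPT="${IPT:-echo iptables}"

# Assumed values: remote users' addresses (constructed, documentation
# range), the NIC facing the Internet, and the svnserve port.
ALLOWED_SRC="203.0.113.10 203.0.113.11"
WAN_IF=eth0
SVN_PORT=3690

build_ruleset() {
    # Start from an empty filter table so old rules do not interfere.
    $IPT -F INPUT
    $IPT -F FORWARD
    # Default policies: whatever no rule accepts is dropped.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback traffic and packets that belong to connections already
    # accepted earlier (the "part of an existing connection" match).
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections to the SVN port, only from the listed sources and
    # only arriving on the Internet-facing NIC.
    for src in $ALLOWED_SRC; do
        $IPT -A INPUT -i "$WAN_IF" -p tcp -s "$src" --dport "$SVN_PORT" \
            -m state --state NEW -j ACCEPT
    done
    # Rate-limited LOG, then DROP for anything that reaches the end of INPUT.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT DROP: "
    $IPT -A INPUT -j DROP
}

build_ruleset
```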
