Hello,

I was given your address via a referral. I've got an issue with iptables that I'm wondering if someone can help with? I'm not an iptables guru, but I have set up routers before, using FreeBSD and its pf firewall. My issue now is I have a CentOS firewall/gateway and that part is working fine. The script provided is below. My problem is the webserver and the ssh server: I don't want them running on the public interface, I want to move them off the gateway machine to another box, and port forward the traffic. I've googled and not found the syntax that'll do this with the file I have. Is there an easier way of maintaining iptables files?

Thanks.
Dave.

# Generated by iptables-save v1.3.5 on Thu Aug 30 10:56:55 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9:1284]
:LAN - [0:0]
:WAN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --dport 139 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -i eth1 --dport 445 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 137 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp -i eth1 --dport 138 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i eth0 -j WAN
-A FORWARD -i eth1 -j LAN
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -m state --state NEW -j ACCEPT
-A LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A LAN -m state --state NEW -j ACCEPT
-A LAN -j ACCEPT
-A WAN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A WAN -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A WAN -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A WAN -p tcp --dport 443 -m state --state NEW -j ACCEPT
-A WAN -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [11:1792]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:116]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

_______________________________________________
Discuss mailing list
[hidden email]
http://lists.blu.org/mailman/listinfo/discuss
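
One way to express the requested port forward in the same iptables-save format, as an added example that is not part of the original post or the poster's own file. It keeps eth0 as the WAN side and eth1 as the LAN side as in the posted rules; 192.168.1.10 is an assumed address for the internal web/ssh box, and the lines marked ADDED or CHANGED are the only differences from the posted file.

```iptables
# Added example, not the poster's file. eth0 = WAN, eth1 = LAN as in the post.
# ASSUMPTION: 192.168.1.10 is the internal web/ssh box; substitute the real address.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LAN - [0:0]
:WAN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# CHANGED: the gateway's own sshd accepts new connections from the LAN side only.
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 139 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 137 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 138 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i eth0 -j WAN
-A FORWARD -i eth1 -j LAN
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -m state --state NEW -j ACCEPT
-A LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A LAN -m state --state NEW -j ACCEPT
-A LAN -j ACCEPT
-A WAN -m state --state RELATED,ESTABLISHED -j ACCEPT
# CHANGED: forwarded WAN traffic is accepted only when destined for the internal box.
-A WAN -d 192.168.1.10 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A WAN -d 192.168.1.10 -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A WAN -d 192.168.1.10 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A WAN -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# ADDED: rewrite the destination of inbound WAN connections before routing.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.10:443
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
```

The file loads with `iptables-restore < file`, and on CentOS the iptables service reads the same format from /etc/sysconfig/iptables. Because DNAT happens in PREROUTING, the forwarded packets traverse FORWARD (the WAN chain) rather than INPUT, so the gateway's own sshd is then reachable only from eth1.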