Firewall help
Dan Ritter
dsr-mzpnVDyJpH4k7aNtvndDlA at public.gmane.org
Wed Mar 11 12:28:47 EDT 2009
On Wed, Mar 11, 2009 at 09:13:00AM -0700, Jared Carlson wrote:
> Afternoon,
>
> I was asked to help configure a Red Hat box to allow certain IPs to get past the firewall. Anyone have experience with that? We think the firewall is causing a slow connection and we have some remote users trying to SVN some large files and having some serious issues.
>
> Any help is great - thanks!
The all-purpose tutorial is here:
http://www.netfilter.org/
You'll want to start by dumping the existing firewall
configuration to see what it's doing:
iptables -L #general rules
iptables -L -t nat #nat rules
The three main rule chains are INPUT, FORWARD, and OUTPUT. On a
firewall, FORWARD is the most important. Each of these starts
with a default policy, which is usually ACCEPT or DENY. On a
firewall, you'll typically see DENY as the default policy on at
least INPUT and FORWARD.
After that, you make rules that go in a particular chain, that
start with a specification of what to act on:
  - incoming NIC
  - outgoing NIC
  - source IP and/or port
  - destination IP and/or port
  - whether this opens a connection or is part of an existing
    connection
  - and several other possibilities
and then tell what to do with packets that match the
specification: ACCEPT them, DROP them, LOG them, or jump to
another chain.
Does that help?
-dsr-
--
http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference.
You can't defend freedom by getting rid of it.
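A worked ruleset for the "let certain IPs through" case in the original question, written as an added example and not code from Dan's reply. It assumes svnserve listening on TCP 3690 (for svn over https you would use 443 instead), uses constructed addresses from the 192.0.2.0/24 documentation range, and lets you set IPT=echo to preview the commands instead of applying them:

```shell
#!/bin/sh
# Added example, not from the original message: build a minimal
# netfilter ruleset that keeps a DROP default policy on a chain and
# accepts new connections to one port only from trusted source hosts.
# Run with IPT=echo to print the commands rather than change the kernel.
IPT="${IPT:-iptables}"

# allow_from_hosts CHAIN PORT HOST...
allow_from_hosts() {
    chain="$1"; port="$2"; shift 2
    # Default policy: anything no rule accepts is dropped.
    $IPT -P "$chain" DROP
    # Packets belonging to an existing flow go through first, so
    # replies and continuations are not re-evaluated host by host.
    $IPT -A "$chain" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New connections to PORT are allowed only from the listed hosts.
    for host in "$@"; do
        $IPT -A "$chain" -p tcp -s "$host" --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    # Log, then drop, any other attempt to reach PORT.
    $IPT -A "$chain" -p tcp --dport "$port" -j LOG --log-prefix "svn-denied: "
    $IPT -A "$chain" -p tcp --dport "$port" -j DROP
}

# Number of ACCEPT rules the function emits for the given hosts
# (one for established flows plus one per host); used for checking.
count_accept_rules() {
    IPT=echo allow_from_hosts INPUT 3690 "$@" | grep -c -- '-j ACCEPT'
}

# Preview with two constructed trusted hosts (svnserve port assumed).
IPT=echo allow_from_hosts INPUT 3690 192.0.2.10 192.0.2.11
```

Check the preview against `iptables -L -n -v` on the real box before applying it, since the existing rules Dan suggests dumping first may already accept or drop the same traffic earlier in the chain.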