Hi, All
Now, I make my server as internet-gateway/firewall.
I need your help and you suggestion about more security.
Caz. i know my INPUT / OUTPUT Chain is open.
How can i make it more secure ?
Thank you very much
Pratchaya
My Network Diagram.
===============
ADSL Router <===> { eth1::: My Server :::: eth0 <===> Local network
(192.168.0.xx )
================================================== =========================*======================== ======
My Command line
===============
service iptables stop
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -m multiport -p
tcp --dport 53,80,110,143,443,993,995,3128 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -m multiport -p
udp --dport 53,110,143,993,995,1863 -j ACCEPT
service iptables save
================================================== =========================*======================== ======
My Iptable List
===============
[root@firewall ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.0.0/24 anywhere multiport
dports domain,http,pop3,imap,https,imaps,pop3s,squid
ACCEPT udp -- 192.168.0.0/24 anywhere multiport
dports domain,pop3,imap,imaps,pop3s,1863
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@firewall ~]#
|
Similar Threads
Linear Mode
