iptables


Postby sway » Fri Sep 19, 2008 12:57 am

I am new to Linux and using Linux Daryna. I want to create a firewall on several boxes that limits the network access to two servers which both have static IP addresses.

The Linux box also needs access to the DHCP server for dynamic IP. Do I do this by allowing all traffic on port 53?

I have figured out how to stop all traffic but can't get it down to the 2 IPs I want to access.

I am working on a gbox for a library catalog box so it can only access the library servers and nothing else.

Thanks

Newby Sue


Re: iptables

Postby Husse » Fri Sep 19, 2008 6:08 am

You are right about port 53.
Install Firestarter or some such (ufw is installed by default but I think it's too tricky to use).
In Firestarter > Policy > Outbound > Restrictive by default > Allow > Add your two servers (right click).
All (?) firewalls in Linux are, as you indicate, a means to edit iptables.
Don't fix it if it ain't broken, don't break it if you can't fix it


Re: iptables

Postby sway » Sun Sep 21, 2008 8:19 pm

Thanks heaps.
I was hoping to learn more and create a script.

We want minimal software on the box, and am I right in assuming that it will be more secure if I run a script while booting?
We are a University and have lots of IT students happy to try and break stuff :-)

Am I right that the order that I add things to the script is the order they will be processed?

If so, then if I flush the iptables first,
allow TCP and UDP from port 53 for the DHCP,
then allow the INPUT from the two servers that I require,
then DROP everything else

Cheers.
:-)


Re: iptables

Postby Husse » Mon Sep 22, 2008 5:53 am

Seems right to me, but I'm no expert, only somewhat knowledgeable :)
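The script sway outlines (flush, allow DHCP and name lookups, allow the two servers, drop the rest), as an added example that is not part of the original thread: it emits the whole ruleset for `iptables-restore`, which replaces the filter table in one commit instead of flushing and appending rule by rule. DNS uses port 53 and DHCP uses UDP ports 67/68, so both are listed. The resolver and server addresses are constructed (192.0.2.0/24 documentation range) and the function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example: default-deny ruleset for a box that may reach only listed servers.
# All addresses used here are constructed (RFC 5737 documentation range).

# Accept only strings shaped like a dotted quad, so nothing else reaches the ruleset.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# build_ruleset DNS_RESOLVER SERVER...
# Prints an iptables-restore ruleset. Rules are matched top to bottom,
# first match wins, and the chain policy (DROP) catches whatever is left.
build_ruleset() {
    [ "$#" -ge 2 ] || { echo "usage: build_ruleset DNS SERVER..." >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    dns=$1; shift
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback, needed by local services.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Replies to traffic this box started; nothing unsolicited gets in.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # DHCP: client UDP port 68 to server UDP port 67, and the answer back.
    echo '-A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT'
    echo '-A INPUT -p udp --sport 67 --dport 68 -j ACCEPT'
    # DNS (port 53) only to the one resolver, not to any host.
    echo "-A OUTPUT -d $dns -p udp --dport 53 -j ACCEPT"
    echo "-A OUTPUT -d $dns -p tcp --dport 53 -j ACCEPT"
    # The allowed servers.
    for ip in "$@"; do
        echo "-A OUTPUT -d $ip -j ACCEPT"
    done
    echo 'COMMIT'
}

# Apply only when asked (needs root): sh kiosk-fw.sh apply
if [ "${1:-}" = "apply" ]; then
    build_ruleset 192.0.2.53 192.0.2.10 192.0.2.20 | iptables-restore
fi
```

These rules cover IPv4 only; IPv6 is filtered separately by `ip6tables` and needs its own default-deny policy.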

