Gentoo Forums
bridged firewall what am i doing?
Forum Index :: Networking & Security
revresxunil
Tux's lil' helper


Joined: 29 Sep 2002
Posts: 129
Location: UW Madison

Posted: Sun Aug 24, 2003 4:08 pm    Post subject: bridged firewall what am i doing?

Ok. I've spent the past 3 days searching and searching for this.

Here's my situation.

I have a box that I set up as a bridge, br0. The network has one full subnet of public IPs. The bridge has in (eth0) from the internet and out (eth1) to the network, which will all have public IPs.

I am stumped and also a newbie at iptables. I have all the patches and stuff to make it supposedly work with bridges... I found a site that had some rules that -sorta- worked (it denied access to everything inside the network).

Here's what I'm asking. I need some examples of how to:

Deny all incoming requests from the internet to the network. Allow all outgoing from the network to the internet... Then I want to add some rules that allow x.x.x.x on the network to be accessed from the internet on port 22, and x.x.x.y to be accessed from the internet on port 80... While we are at it, I want x.x.x.z to also be accessed on ports 80 and 22.

Any other rules that are helpful in this situation would be nice too!

Can anyone give me some iptables rules that would work with this setup?

And also... can I use fwbuilder for this sort of bridged setup?

MUCH thanks if anyone can help me out... I'm totally out of places to look.
revresxunil
Tux's lil' helper


Joined: 29 Sep 2002
Posts: 129
Location: UW Madison

Posted: Mon Aug 25, 2003 5:26 pm

iptables.sh:

Code:

#!/bin/sh
# Clear old tables
iptables -F
iptables -X

# Connection tracking
iptables -I FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept replies to connections the server itself opened (emerge sync etc.);
# without this the INPUT REJECT rule at the bottom would block them too.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# What to allow on gentoo the server.
## Right now, we are ONLY allowing SSH through.
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT

# allow all outbound traffic
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

#####################################
## HERE'S WHERE YOU WILL EDIT THINGS##
#####################################

# SERVICES ALLOWED
## -A append, -p protocol, -d destination, --dport destination port, -j ACCEPT/REJECT
#iptables -A FORWARD -p tcp -d x.x.x.x --dport 22 -j ACCEPT
#iptables -A FORWARD -p tcp -d x.x.x.x --dport 53 -j ACCEPT
#iptables -A FORWARD -p udp -d x.x.x.x --dport 53 -j ACCEPT

####################################
##   THAT'S ALL YOU NEED TO EDIT   ##
####################################

# Allow pinging
iptables -A FORWARD -p icmp -i eth0 -o eth1 -j ACCEPT

# Reject everything else
## gentoo server specific
iptables -A INPUT -i eth0 -j REJECT
## Bridge specific
iptables -A FORWARD -i eth0 -j REJECT

# save the rules and restart the service.
/etc/init.d/iptables save
/etc/init.d/iptables restart

Big thanks to blindsight from www.linuxquestions.org.

Update: 3:15 PM
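The rule set the first post asks for (deny all new inbound, allow all outbound, then punch holes to specific hosts on 22 and 80), written as an added example that is not from the thread or from the script above. The difference from the posted script is that it ties rules to the physical bridge ports with the physdev match instead of -i eth0/-o eth1: on a bridge-nf kernel, bridged frames pass through the FORWARD chain with br0 as their interface, which is one reason plain -i/-o rules can end up matching nothing and everything falls through to the final REJECT. The port names and the 192.0.2.x addresses are constructed placeholders standing in for x.x.x.x, x.x.x.y and x.x.x.z; the script prints the iptables commands by default and only executes them when run with APPLY=1 as root.

```shell
#!/bin/sh
# Added example: rule generator for a two-port bridged filter.
# Placeholders (constructed, not from the thread):
WAN_PORT=eth0          # bridge port facing the internet
LAN_PORT=eth1          # bridge port facing the public subnet
SSH_HOST=192.0.2.10    # stands in for x.x.x.x: SSH only
WEB_HOST=192.0.2.20    # stands in for x.x.x.y: HTTP only
BOTH_HOST=192.0.2.30   # stands in for x.x.x.z: SSH and HTTP

# One "allow a NEW connection from the internet to $host port $port" rule.
# physdev matches the physical bridge port the frame came in on / goes out of.
allow_in() {
  host=$1; port=$2
  echo "iptables -A FORWARD -m physdev --physdev-in $WAN_PORT --physdev-out $LAN_PORT -p tcp -d $host --dport $port -m state --state NEW -j ACCEPT"
}

# Emit the complete FORWARD policy, most general rules first.
gen_rules() {
  echo "iptables -F FORWARD"
  # Default deny: anything not explicitly accepted below is dropped.
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m state --state INVALID -j DROP"
  # Replies in either direction for connections already allowed.
  echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
  # Everything originating inside the network may go out.
  echo "iptables -A FORWARD -m physdev --physdev-in $LAN_PORT --physdev-out $WAN_PORT -j ACCEPT"
  # Holes from the internet into specific hosts/ports.
  allow_in "$SSH_HOST" 22
  allow_in "$WEB_HOST" 80
  allow_in "$BOTH_HOST" 22
  allow_in "$BOTH_HOST" 80
  # Log what the default policy is about to drop, so blocked traffic is visible.
  echo "iptables -A FORWARD -m physdev --physdev-in $WAN_PORT -j LOG --log-prefix 'BRIDGE-DROP: '"
}

# Number of per-host hole rules generated (handy sanity check after editing).
count_allow_rules() { gen_rules | grep -c -- "--dport"; }

if [ "${APPLY:-0}" = "1" ]; then
  gen_rules | sh      # execute for real (needs root and a bridge-nf kernel)
else
  gen_rules           # dry run: just show the commands
fi
```

Order matters: the ESTABLISHED,RELATED rule sits before the per-host holes so reply packets never have to re-match a port rule, and the LOG rule is last so it only sees traffic that nothing above accepted. Adding a fourth host is one more allow_in line between the existing ones.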