iptables firewall

Jeremy Wakeman cael-JTkAzvGkdyMrpQx6IzTi3laTQe2KTcn/ at public.gmane.org
Fri Jan 30 01:53:07 UTC 2004


On Thu, Jan 29, 2004 at 06:20:19PM -0600, Garth Meisel wrote:
> OK, sorry, my ISP has stopped ____ing around due to the 2 snowballs that fell 
> off Frosty today and we can now begin this little quest.  
> 
> Which exact version of Coyote do you have?  Standalone machine right?  2 NICS 
> and what router after that?
> Normally, IPTables is set nearly perfectly for almost every SOHO application.  

standalone machine, one floppy drive, no hd or cdrom, three realtek
8139 network cards. one is connected to a speedstream dsl modem, one is
connected to a linksys 5-port 10/100 router, and one is connected via
crossover cable to a compaq deskpro running debian woody (apache, sshd,
mangband).

The coyote linux is release version 2.06, with default network settings
(192.168.0.0 for internal network and 192.168.1.0 for dmz), and pppoe
for the internet connection.  Support for dmz was added recently (2.05):
some of the settings didn't get saved correctly to disk when I used a
non-standard local network, so all network settings are default.

> First we need to check any and all firewall settings before going to 
> IPTables.  Then after that is done, we can get technical.  : )

All iptables settings are done in the posted script
(www.polarhome.com/~cael/firewall.txt) as far as I can tell.  None of the
coyote linux webadmin-friendly firewall or portforwarding files are used
at all, and I have made no attempt to change anything from the initial
installation, except to drop my firewall script onto the floppy in the
appropriate place.

There are no errors output when the script is run, unless I uncomment
the rules for the mangle tables (which don't work because the required
kernel module is not inserted???).  As I said, everything *seems* to
work: internal network computers can access web pages, http server is
visible from the internet, and the dmz server can ping but not nmap the
internal network.

Anything I forgot to mention?

-Jeremy

-- 

Jeremy John Wakeman
cael-JTkAzvGkdyMrpQx6IzTi3laTQe2KTcn/@public.gmane.org
www.polarhome.com/~cael
linux registered user #125171
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
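The three-zone layout described in the message above (LAN behind eth0, DMZ behind eth1, PPPoE uplink on ppp0) as an added iptables example; this is not the firewall.txt script linked in the mail. It implements the behaviour Jeremy reports (LAN browses out, the DMZ web server is reachable from the Internet, the DMZ can ping but not port-scan the LAN); the interface names and the DMZ web host 192.168.1.2 are assumptions, since the mail gives only the two subnets.

```shell
#!/bin/sh
# Added example, not the firewall.txt from the mail. Assumed interfaces:
# ppp0 = PPPoE uplink, eth0 = LAN 192.168.0.0/24, eth1 = DMZ 192.168.1.0/24.
# 192.168.1.2 is a constructed address for the DMZ web server.
# Uses only the filter and nat tables: mangle rules need iptable_mangle
# loaded, which the mail says Coyote did not do.
# Set IPT=echo to dry-run (print the commands instead of applying them).
IPT="${IPT:-/sbin/iptables}"
WAN=ppp0; LAN=eth0; DMZ=eth1
LAN_NET=192.168.0.0/24; DMZ_NET=192.168.1.0/24; WEB=192.168.1.2

firewall_rules() {
    $IPT -F; $IPT -t nat -F
    # Default deny for traffic to and through the router.
    $IPT -P INPUT DROP; $IPT -P FORWARD DROP; $IPT -P OUTPUT ACCEPT

    # Replies to connections the router or a permitted forward initiated.
    $IPT -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    # Admin access to the router itself only from the LAN.
    $IPT -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT

    # LAN may go anywhere; both private nets masquerade on the PPPoE link,
    # whose address is dynamic.
    $IPT -A FORWARD -i $LAN -s $LAN_NET -j ACCEPT
    $IPT -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
    $IPT -t nat -A POSTROUTING -o $WAN -s $DMZ_NET -j MASQUERADE

    # Publish the DMZ web server: DNAT on the uplink, then permit the forward.
    $IPT -t nat -A PREROUTING -i $WAN -p tcp --dport 80 -j DNAT --to-destination $WEB
    $IPT -A FORWARD -i $WAN -o $DMZ -d $WEB -p tcp --dport 80 -j ACCEPT

    # DMZ -> Internet is allowed; DMZ -> LAN gets only ICMP echo, so ping
    # works but TCP/UDP probes from the DMZ fall through to the DROP policy.
    $IPT -A FORWARD -i $DMZ -o $WAN -s $DMZ_NET -j ACCEPT
    $IPT -A FORWARD -i $DMZ -o $LAN -s $DMZ_NET -p icmp --icmp-type echo-request -j ACCEPT
    # Log the rest so a compromised DMZ host probing the LAN shows up in syslog.
    $IPT -A FORWARD -i $DMZ -o $LAN -j LOG --log-prefix "DMZ->LAN drop: "
}

case "${1:-}" in
    apply) firewall_rules ;;
esac
```

Run as root with `sh firewall.sh apply` on the router, or `IPT=echo sh firewall.sh apply` to review the rules first.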