Securing eth1 with IPTABLES

David Kreuter dkreuter-q4+D78v0SMv8u52rGdhAxQ at public.gmane.org
Mon Mar 22 21:38:57 UTC 2004


I am using a RH9 linux machine as a router at home. ETH0 is my private
192.168.1.0/24 network. ETH1 connects to Rogers on the 24.x.x.x network.
The following setup is working as a router (I can go from any point on
the 192.168.1.0/24 network to the internet). I think, however, that my
iptables setup is not securing my linux machine. At this point I am not
running any servers on the linux machine that I care to have internet
enabled. I have included responses from iptables -t nat -L -vn and
iptables -L -vn.

What iptables command(s) do I need to secure my linux box and continue
to allow internet access?
Thanks,
David


$ iptables -t nat -L -vn
Chain PREROUTING (policy ACCEPT 4347 packets, 234K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 3587 packets, 215K bytes)
 pkts bytes target     prot opt in     out     source               destination
  711 49999 MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
    0     0 MASQUERADE  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 3651 packets, 219K bytes)
 pkts bytes target     prot opt in     out     source               destination

$ iptables -L -vn
Chain INPUT (policy ACCEPT 216K packets, 14M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5248  531K ACCEPT     all  --  *      *       192.168.1.0/24       0.0.0.0/0
 5419 3133K ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.0/24
    0     0 DROP       all  --  *      *      !192.168.1.0/24       0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       192.168.1.0/24       0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.0/24
    0     0 DROP       all  --  *      *      !192.168.1.0/24       0.0.0.0/0
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
        LOG flags 0 level 6
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
        LOG flags 0 level 6 prefix `Forward info'

Chain OUTPUT (policy ACCEPT 215K packets, 14M bytes)
 pkts bytes target     prot opt in     out     source               destination


--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
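The hardening the post asks about, as an added example that is not part of the original message or any reply on the list. It assumes the layout described above (eth0 = LAN 192.168.1.0/24, eth1 = Rogers-facing) and the stateful "state" match available on RH9's 2.4 kernel; the function name emit_rules, the dry-run/apply argument and the log prefix are this example's own choices. The posted tables show why the box itself is exposed: INPUT has policy ACCEPT and no rules, so every packet arriving on eth1 reaches whatever is listening on the router, and both FORWARD and the nat POSTROUTING chain contain each rule twice (the script was evidently run without flushing). The script below flushes first so it is idempotent, defaults INPUT and FORWARD to DROP, lets eth1 in only for replies to connections opened from the inside, and logs (rate limited) what it drops.

```shell
#!/bin/sh
# Added example, not the poster's configuration. Assumes the interfaces
# named in the post; adjust LAN_IF/WAN_IF/LAN_NET for another layout.
LAN_IF=eth0
WAN_IF=eth1
LAN_NET=192.168.1.0/24

# emit_rules PREFIX
#   PREFIX=echo      prints the rule set (dry run, safe anywhere)
#   PREFIX=iptables  applies it (needs root on the router)
emit_rules() {
    IPT="$1"

    # Flush both tables so re-running never duplicates rules.
    $IPT -F
    $IPT -t nat -F

    # Default deny for traffic to the router and through it;
    # the router's own outbound traffic stays unrestricted.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback and the LAN side are trusted.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT

    # Anti-spoofing: the LAN prefix must never arrive on the WAN side.
    $IPT -A INPUT -i $WAN_IF -s $LAN_NET -j DROP
    $IPT -A FORWARD -i $WAN_IF -s $LAN_NET -j DROP

    # From the internet, accept only replies to connections the
    # router itself opened; everything else is logged, then dropped.
    $IPT -A INPUT -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "
    $IPT -A INPUT -i $WAN_IF -j DROP

    # Forwarding: LAN hosts out to the internet, replies back in.
    $IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
    $IPT -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FORWARD drop: "

    # One masquerade rule for the external interface (the post had two).
    $IPT -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
}

case "${1:-dry-run}" in
    apply)
        echo 1 > /proc/sys/net/ipv4/ip_forward
        emit_rules iptables
        ;;
    *)
        emit_rules echo
        ;;
esac
```

Run it with no argument to print the rules and read them first; run it as root with `apply` on the router. Nothing in the script opens a service to the internet; if a server on the box later needs to be reachable, an explicit `-A INPUT -i eth1 -p tcp --dport N -j ACCEPT` placed before the final DROP is the only addition required.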