Securing eth1 with IPTABLES
David Kreuter
dkreuter-q4+D78v0SMv8u52rGdhAxQ at public.gmane.org
Mon Mar 22 21:38:57 UTC 2004
I am using a RH9 linux machine as a router at home. ETH0 is my private
192.168.1.0/24 network. ETH0 connects to Rogers on the 24.x.x.x network.

The following setup is working as a router (I can go from any point on the
192.168.1.0/24 network to the internet). I think however that my iptable is
not securing my linux machine. At this point I am not running any servers on
the linux machine that I care to have internet enabled. I have included
responses from iptables -t nat -L -vn and iptables -L -vn.

What iptables command(s) do I need to secure my linux box and continue to
allow internet access?

Thanks,
David
$ iptables -t nat -L -vn
Chain PREROUTING (policy ACCEPT 4347 packets, 234K bytes)
 pkts bytes target     prot opt in  out  source       destination

Chain POSTROUTING (policy ACCEPT 3587 packets, 215K bytes)
 pkts bytes target     prot opt in  out  source       destination
  711 49999 MASQUERADE all  --  *   eth1 0.0.0.0/0    0.0.0.0/0
    0     0 MASQUERADE all  --  *   eth1 0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy ACCEPT 3651 packets, 219K bytes)
 pkts bytes target     prot opt in  out  source       destination

$ iptables -L -vn
Chain INPUT (policy ACCEPT 216K packets, 14M bytes)
 pkts bytes target     prot opt in  out  source           destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source           destination
 5248  531K ACCEPT     all  --  *   *    192.168.1.0/24   0.0.0.0/0
 5419 3133K ACCEPT     all  --  *   *    0.0.0.0/0        192.168.1.0/24
    0     0 DROP       all  --  *   *    !192.168.1.0/24  0.0.0.0/0
    0     0 ACCEPT     all  --  *   *    192.168.1.0/24   0.0.0.0/0
    0     0 ACCEPT     all  --  *   *    0.0.0.0/0        192.168.1.0/24
    0     0 DROP       all  --  *   *    !192.168.1.0/24  0.0.0.0/0
    0     0 LOG        tcp  --  *   *    0.0.0.0/0        0.0.0.0/0        LOG flags 0 level 6
    0     0 LOG        tcp  --  *   *    0.0.0.0/0        0.0.0.0/0        LOG flags 0 level 6 prefix `Forward info'

Chain OUTPUT (policy ACCEPT 215K packets, 14M bytes)
 pkts bytes target     prot opt in  out  source           destination
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
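A ruleset that addresses the question in the post, added here as an example and not David's own configuration. It assumes the LAN sits on eth0 (192.168.1.0/24) and the Rogers uplink on eth1, as the subject line and the MASQUERADE rules suggest, and that no service on the router should be reachable from the internet; the INPUT chain in the post has an ACCEPT policy and no rules, so every listening port on the box is currently open to the uplink.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed layout: LAN on eth0
# (192.168.1.0/24), Rogers uplink on eth1, no public services on the router.
# Set IPT="echo iptables" to print the commands instead of applying them.
IPT="${IPT:-iptables}"
LAN_IF=eth0
WAN_IF=eth1
LAN_NET=192.168.1.0/24

apply_rules() {
    # Start from empty tables so leftover rules cannot bypass the policy.
    $IPT -F; $IPT -X
    $IPT -t nat -F; $IPT -t nat -X

    # Default deny for packets addressed to or routed through the box;
    # traffic the box itself originates is allowed out.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # INPUT: loopback, replies to the router's own connections, and the LAN.
    # Nothing arriving on the uplink may open a connection to the router.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    # Log (rate-limited) what the uplink sends before the policy drops it.
    $IPT -A INPUT -i "$WAN_IF" -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "

    # FORWARD: LAN hosts out to the internet, only reply traffic back in.
    # A packet with a LAN source arriving on the uplink is spoofed; it matches
    # neither rule and falls to the DROP policy.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # NAT: one MASQUERADE on the uplink replaces the duplicated pair in the post.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    # Routing itself still needs net.ipv4.ip_forward=1 (sysctl), as before.
}

# Apply only when invoked explicitly:  sh router-fw.sh apply
if [ "${1:-}" = apply ]; then
    apply_rules
fi
```

Review the generated commands first with `IPT="echo iptables" sh router-fw.sh apply`, then apply them from the console rather than over SSH, since the new INPUT policy drops any session that is not already tracked.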