Squeebee
IPtables rules needed
Hi Everybody!
Ok, lotsa points cause with everything else I have on my plate I have no time to learn IPtables at all right now and need pretty detailed responses.
Got a server:
incoming:
SSH
FTP
Web server on 80
I would like FTP to be active(? - as in I can do multiple downloads at the same time by connecting on higher ports)
I need to be able to ftp out from the server, and my web scripts need to connect to a pop3 server.
The box does not need to NAT anything or process any traffic outside of itself.
I have command line and webmin to implement your solutions.
ASKER
I have actually managed to build the firewall myself thanks to a fairly easy interface in webmin. I will split points between the two of you for bothering to help, thanks.
whow, didn't expect to be graded here. The answer was by jlevie.
Thanks anyway, and good luck.
ahoffman,
On a host firewall routing would not be enabled, so I see no point in messing with the FORWARD chain.
ASKER
ahoffman:
Eh, they are only points, might as well spread them around.
only points, nothing more ?!
jlevie, my DROP policy is secure/paranoid security, just in case someone enables routing and does not check the firewall (have seen admins doing this several times):
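
A ruleset for the requirements in the question (inbound SSH, FTP and HTTP; outbound FTP and POP3; no NAT) with the FORWARD DROP policy discussed above, as an added example that is not part of the thread or any participant's answer. The function names, the DROP policy on OUTPUT and the DNS rules are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for a
# single host that does no NAT and no routing.

# Accept only a comma-separated list of port numbers, so an argument cannot
# inject extra rule text into the generated ruleset.
valid_ports() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    return 0
}

# host_fw_rules [INBOUND_TCP_PORTS] [OUTBOUND_TCP_PORTS]
host_fw_rules() {
    in_tcp="${1:-21,22,80}"   # FTP control, SSH, HTTP (from the question)
    out_tcp="${2:-21,110}"    # outbound FTP control, POP3 (from the question)
    valid_ports "$in_tcp" || return 1
    valid_ports "$out_tcp" || return 1
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Bind the FTP helper to control connections so data channels (active or
# passive) are tracked as RELATED. Needs the nf_conntrack_ftp module loaded.
-A PREROUTING -p tcp --dport 21 -j CT --helper ftp
-A OUTPUT -p tcp --dport 21 -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
# Host firewall: nothing is routed, and DROP keeps it that way if someone
# later turns on ip_forward without revisiting the rules.
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports $in_tcp -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports $out_tcp -m conntrack --ctstate NEW -j ACCEPT
# Assumption: the host resolves names through an external DNS server.
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

host_fw_rules   # print the default ruleset
```

Check the output with `host_fw_rules | iptables-restore --test` as root before loading it, and keep an existing SSH session open while you do.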