- <li><em>date</em>: Sun Jul 11 22:07:01 2004</li>
- <li><em>from</em>: Dow.Hurst at mindspring.com (Dow Hurst)</li>
- <li><em>in-reply-to</em>: <1089564180.3900.7.camel@devel></li>
- <li><em>references</em>: <1089564180.3900.7.camel@devel></li>
- <li><em>subject</em>: [ale] IPtables question</li>
>I just added a 3rd nic to my linux firewall. On that nic I have it
>directly connected via cross-over to a server that is running an
>application. I did this because my customers will be using that
>application from the Internet. If for some reason someone was to gain
>access to that box I do not want them to be able to come back to the
>firewall and jump over to the 2nd nic to my company network.
>
>What would be a good rule that would allow all incoming traffic from
>the outside and 2nd nic to that box but would disallow any traffic
>originating from that machine?
>
To solve this effectively, you can try using Bob's iptables rules in his
book (2nd ed.) and adapt a second set of variables for the 3rd
interface. Diagram what you want to go where in a map and work your way
through his ruleset to make sure nothing violates the allowed pathways. I
didn't have a 3rd interface, so I could just test out the ruleset as is. I
only had to tweak one rule to allow incoming SSH connections to any IP
in the internal LAN and add one rule to allow access from what I called
the DMZ to a license server on the internal LAN. His egress and
loopback rules really make sense once you've worked through them. It is
also a tested set of rules that you won't have to build yourself.
Dow
</pre>
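<p>One way to express the policy asked about above (Internet and company LAN may open connections to the application server on the third interface; nothing that server originates may reach the firewall or the company LAN) in iptables. This is an added example, not code from the thread or from the book Dow mentions; the interface names, the server address and the dry-run <code>IPT</code> variable are assumptions.</p>

```shell
#!/bin/sh
# Three-interface firewall: EXT faces the Internet, LAN is the company
# network on the 2nd nic, DMZ is the cross-over cable to the app server.
# Interface names and the server address are assumptions for this example.
EXT_IF=eth0
LAN_IF=eth1
DMZ_IF=eth2
DMZ_HOST=192.168.2.2
# Dry run by default: print the rules instead of applying them.
# Run as root with IPT=iptables to actually load them.
IPT=${IPT:-"echo iptables"}

dmz_rules() {
    # The forwarding path denies by default; only listed flows pass.
    $IPT -P FORWARD DROP
    # Replies belonging to an already-accepted connection may flow either way.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Internet and LAN may open new connections to the app server only.
    # (Tightening this to the application's ports is the safer choice.)
    $IPT -A FORWARD -i "$EXT_IF" -o "$DMZ_IF" -d "$DMZ_HOST" \
        -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -d "$DMZ_HOST" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Anything the DMZ host originates toward the LAN is logged, then dropped;
    # the log line is the signal that the server may have been compromised.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j LOG --log-prefix "DMZ->LAN blocked: "
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j DROP
    # The DMZ host may not talk to the firewall itself either, apart from
    # replies to connections the firewall opened.
    $IPT -A INPUT -i "$DMZ_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$DMZ_IF" -j LOG --log-prefix "DMZ->FW blocked: "
    $IPT -A INPUT -i "$DMZ_IF" -j DROP
}

dmz_rules
```

<p>Because FORWARD defaults to DROP and only ESTABLISHED,RELATED is accepted without an interface match, the DMZ host cannot open connections to the Internet either; any DNAT from a public address to the server is outside this fragment.</p>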
</body>
</html>