iptables / firewall query

Crucificator crucificator at home.ro
Mon Nov 22 14:13:13 UTC 2004


Aseem Khurana wrote:

>Our Linux Admin is out for a week, my running server has gone down, a
>standby server has rhl.9, apache, php, mysql etc. setup and I need to put my
>machine on external IP. But I need help with the firewall config. I tried
>going through the iptables entries, and the linux-mini-firewall-howto, but
>couldn't get it in my bones and feel that I may as well goof something up.
>So I'm looking for help.
> 
>The system has 2 NICs, one on local wire, and other would get the external
>IP. I need to make sure that the external client's-IP/IP-range should be the
>only one accessing a particular service of the server e.g. http/80, or
>ssh/22. And for the rest of the world... everything blocked. Along with this
>the local network's systems should be able to access everything as usual.
>What should I configure and how, please help.
> 
>p.s. - My co. might need one more guy in the coming month, and if someone of
>you is from Chandigarh, and interested in a job, I can forward your resume
>as a sys. admin. Thx.
>
>thanks,
>Aseem.
>
I'm writing these quickly, so if you get runtime errors check the spelling.
Change ip to the relevant IP address.
Create a sh script and put these lines into it. From there you can do
whatever you want with them.

# default policy: anything not explicitly accepted below is dropped
iptables -P INPUT DROP
# only the named client address/range may open HTTP and SSH
iptables -A INPUT -s ip.ip.ip.ip/mask -p tcp --destination-port 80 -j ACCEPT #web
iptables -A INPUT -s ip.ip.ip.ip/mask -p tcp --destination-port 22 -j ACCEPT #ssh
# replies to connections the server opened itself are let back in
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
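The reply above leaves out the two things the original question asked for alongside the client restriction: the local wire must keep full access, and the server must still talk to itself on loopback. The script below is an added example, not the poster's own; it generates the complete ruleset for the two-NIC setup described in the thread and assumes eth0 is the LAN NIC, eth1 is the external NIC, and 203.0.113.0/24 is the client range allowed to reach 80 and 22 (all three are placeholders).

```shell
#!/bin/sh
# Added example for the two-NIC server in this thread. Placeholder names:
# eth0 = local wire, eth1 = external IP, 203.0.113.0/24 = allowed client range.
# The functions print iptables commands; run "gen_rules ... | sh" as root to apply.

gen_rules() {
    allowed="$1"   # client IP or CIDR allowed to reach the exposed services
    ext_if="$2"    # NIC carrying the external IP
    lan_if="$3"    # NIC on the local wire
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
# Loopback and the local wire are trusted: local systems access everything as usual.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $lan_if -j ACCEPT
# Replies to connections the server itself opened (DNS, updates, ...).
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Only the named client range may open HTTP and SSH, and only on the external NIC.
iptables -A INPUT -i $ext_if -s $allowed -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i $ext_if -s $allowed -p tcp --dport 22 -j ACCEPT
# Everything else from the rest of the world falls through to the DROP policy.
EOF
}

# Number of ACCEPT rules in the generated set, for a quick sanity check.
count_accepts() {
    gen_rules "$@" | grep -c -- '-j ACCEPT'
}

gen_rules 203.0.113.0/24 eth1 eth0
```

Apply it from the console rather than over SSH: the DROP policy is set before the accept rules are added, so an SSH session from outside the allowed range would be cut off.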