Hi all,
I have a computer with potato that is a gateway for my intranet. It has a real IP, while
the intranet has 192.168.1.x IPs.
Several services are running on it but I'd like only ssh, ntp and https to be
available to the outside world.
So, I thought these ipchains rules could help:
Chain input (policy REJECT):
target prot opt source destination ports
# accept everything from localhost
ACCEPT all ------ 127.0.0.1 0.0.0.0/0 n/a
# reply ping packets
ACCEPT icmp ------ 0.0.0.0/0 0.0.0.0/0 * -> *
# next 2 lines: accept tcp/udp all ports for internal network
ACCEPT tcp ------ 192.168.1.0/24 0.0.0.0/0 * -> *
ACCEPT udp ------ 192.168.1.0/24 0.0.0.0/0 * -> *
# allow ssh from outside
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 22
# allow ntp from outside
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 123
# allow https from outside
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 443
# does not accept outside connections to postgres
REJECT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 5432
# these next 2 lines I didn't understand why, but someone told me to put them in to accept
response packets. What is this???
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
Chain forward (policy MASQ):
Chain output (policy ACCEPT):
Do you think that is a safe configuration for ipchains to protect the computer from
the outside world? Why do I need the last 2 lines of the input chain?
Thanks in advance
Pedro
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
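The rule walk Pedro is asking about, as an added example that is not part of the original post: a small Python model of ipchains first-match semantics over the input chain above, run against a handful of constructed packets. Everything here (the Packet and Rule classes, build_chain, the sample addresses from the 203.0.113.0/24 documentation range) is my own modelling choice; the only ipchains-specific detail it relies on is that ipchains evaluates rules top to bottom and takes the first match, and that the real tool offers a `! -y` option to match only TCP packets that are not connection-opening SYNs.

```python
# Added example (not from the original post): a toy model of how ipchains
# walks the "input" chain from the mail. First match wins; if nothing
# matches, the chain policy (REJECT here) applies.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str            # source address
    dport: int = 0      # destination port (ignored for icmp)
    syn: bool = False   # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    target: str                      # "ACCEPT" or "REJECT"
    proto: str                       # "tcp", "udp", "icmp" or "all"
    src: str                         # source in CIDR form
    dports: tuple = (0, 65535)       # inclusive destination port range
    syn_only: Optional[bool] = None  # None: any; True: "-y"; False: "! -y"

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "all" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.proto in ("tcp", "udp") and not (self.dports[0] <= pkt.dport <= self.dports[1]):
            return False
        if self.syn_only is not None and pkt.proto == "tcp" and pkt.syn != self.syn_only:
            return False
        return True


def evaluate(chain, pkt: Packet, policy: str = "REJECT") -> str:
    """Verdict of the first matching rule, or the chain policy if none matches."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


ANY = "0.0.0.0/0"


def build_chain(high_port_rules: bool = True, non_syn_only: bool = False):
    """The input chain as posted. high_port_rules=False leaves out the last two
    lines; non_syn_only=True models adding '! -y' to the TCP 1024:65535 rule."""
    chain = [
        Rule("ACCEPT", "all", "127.0.0.1/32"),
        Rule("ACCEPT", "icmp", ANY),
        Rule("ACCEPT", "tcp", "192.168.1.0/24"),
        Rule("ACCEPT", "udp", "192.168.1.0/24"),
        Rule("ACCEPT", "tcp", ANY, (22, 22)),
        Rule("ACCEPT", "udp", ANY, (123, 123)),
        Rule("ACCEPT", "tcp", ANY, (443, 443)),
        Rule("REJECT", "tcp", ANY, (5432, 5432)),
    ]
    if high_port_rules:
        chain.append(Rule("ACCEPT", "tcp", ANY, (1024, 65535),
                          syn_only=False if non_syn_only else None))
        chain.append(Rule("ACCEPT", "udp", ANY, (1024, 65535)))
    return chain


# Constructed sample traffic; outside addresses are from the 203.0.113.0/24 documentation range.
SAMPLES = {
    "reply from remote web server to our ephemeral port": Packet("tcp", "203.0.113.10", 40000),
    "new connection from outside to a high-port service": Packet("tcp", "203.0.113.10", 8080, syn=True),
    "new connection from outside to postgres": Packet("tcp", "203.0.113.10", 5432, syn=True),
    "ssh from outside": Packet("tcp", "203.0.113.10", 22, syn=True),
    "intranet host to postgres": Packet("tcp", "192.168.1.7", 5432, syn=True),
    "dns reply to our ephemeral udp port": Packet("udp", "203.0.113.53", 53000),
}


def verdicts(**chain_opts) -> dict:
    """Map each sample packet to its verdict under the chosen chain variant."""
    chain = build_chain(**chain_opts)
    return {name: evaluate(chain, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, opts in [("as posted", {}),
                        ("without the last two lines", {"high_port_rules": False}),
                        ("with '! -y' on the tcp high-port rule", {"non_syn_only": True})]:
        print(f"--- {label}")
        for name, verdict in verdicts(**opts).items():
            print(f"{verdict:7} {name}")
```

Running it shows the three things worth knowing about those two lines. Without them, the gateway itself cannot receive the reply half of any connection it opens (the web-server reply to port 40000 falls through to the REJECT policy), which is what "accept response packets" meant. With them as posted, a brand-new connection from outside to anything listening above 1023 is accepted too, because ipchains has no notion of connection state; that is exactly why the explicit REJECT for 5432 has to sit above them, and why any other listener on a high port on that box is reachable from the Internet unless it gets its own REJECT line. Adding `! -y` to the TCP rule narrows it to packets that are not opening a connection, which closes the TCP side of that hole in the model; UDP has no flags to test, so its high-port line stays wide open and the safer answer there is to check what is actually listening on UDP high ports and reject those explicitly.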