Hi all, I have a computer with potato that is a gateway for my intranet. It has a real IP, while the intranet has 192.168.1.x IPs. Several services are running on it but I'd like only ssh, ntp and https to be available to the outside world.
So, I thought these ipchains rules could help:

Chain input (policy REJECT):
target  prot opt    source          destination   ports
# accept everything from localhost
ACCEPT  all  ------ 127.0.0.1       0.0.0.0/0     n/a
# reply ping packets
ACCEPT  icmp ------ 0.0.0.0/0       0.0.0.0/0     * -> *
# next 2 lines: accept tcp/udp all ports for internal network
ACCEPT  tcp  ------ 192.168.1.0/24  0.0.0.0/0     * -> *
ACCEPT  udp  ------ 192.168.1.0/24  0.0.0.0/0     * -> *
# allow ssh from outside
ACCEPT  tcp  ------ 0.0.0.0/0       0.0.0.0/0     * -> 22
# allow ntp from outside
ACCEPT  udp  ------ 0.0.0.0/0       0.0.0.0/0     * -> 123
# allow https from outside
ACCEPT  tcp  ------ 0.0.0.0/0       0.0.0.0/0     * -> 443
# does not accept outside connections to postgres
REJECT  tcp  ------ 0.0.0.0/0       0.0.0.0/0     * -> 5432
# these next 2 lines I didn't understand why, but someone told me to put them in to accept response packets. What is this???
ACCEPT  tcp  ------ 0.0.0.0/0       0.0.0.0/0     * -> 1024:65535
ACCEPT  udp  ------ 0.0.0.0/0       0.0.0.0/0     * -> 1024:65535

Chain forward (policy MASQ):

Chain output (policy ACCEPT):

Do you think this is a safe configuration for ipchains to protect the computer from the outside world? Why do I need the last 2 lines of the input chain?

Thanks in advance
Pedro
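The following is an added example, not part of Pedro's post and not ipchains itself: a small first-match simulator of the input chain exactly as listed above, run against a few constructed packets from an outside address, beside a variant in which the TCP high-port rule is restricted with the ipchains `! -y` option (match only TCP packets whose SYN bit is not set, i.e. replies to connections the gateway itself opened). The addresses, the ports 8080/8000/40000 and the packet names are constructed for illustration. It shows why those last two lines exist (ipchains is stateless, so reply packets to outgoing connections arrive on unprivileged ports and need an explicit ACCEPT) and what they cost: any service listening on a port above 1023 other than 5432 is reachable from the outside.

```python
"""Added example: simulate the posted ipchains input chain (first match wins)
and a hardened variant.  Addresses, ports and packet names are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass
class Rule:
    target: str                        # ACCEPT or REJECT
    proto: str                         # all, tcp, udp or icmp
    src: str                           # source network in CIDR form
    dport: Optional[Tuple[int, int]]   # destination port range, None = any
    syn_only: Optional[bool] = None    # None = any flags, False = ipchains '! -y'

    def matches(self, pkt: dict) -> bool:
        if self.proto != "all" and self.proto != pkt["proto"]:
            return False
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dport is not None:
            lo, hi = self.dport
            if not lo <= pkt.get("dport", 0) <= hi:
                return False
        # -y only has meaning for TCP; '! -y' admits replies but not new SYNs
        if self.syn_only is not None and pkt["proto"] == "tcp":
            if pkt.get("syn", False) != self.syn_only:
                return False
        return True


def evaluate(chain, pkt, policy="REJECT"):
    """Walk the chain top to bottom; the first matching rule decides,
    otherwise the chain policy (REJECT in the post) applies."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


ANY = "0.0.0.0/0"
LAN = "192.168.1.0/24"

# The input chain as posted, in the same order.
POSTED_CHAIN = [
    Rule("ACCEPT", "all",  "127.0.0.1/32", None),
    Rule("ACCEPT", "icmp", ANY, None),
    Rule("ACCEPT", "tcp",  LAN, None),
    Rule("ACCEPT", "udp",  LAN, None),
    Rule("ACCEPT", "tcp",  ANY, (22, 22)),
    Rule("ACCEPT", "udp",  ANY, (123, 123)),
    Rule("ACCEPT", "tcp",  ANY, (443, 443)),
    Rule("REJECT", "tcp",  ANY, (5432, 5432)),
    Rule("ACCEPT", "tcp",  ANY, (1024, 65535)),   # the two lines Pedro asks about
    Rule("ACCEPT", "udp",  ANY, (1024, 65535)),
]

# Same chain, but the TCP high-port rule only admits non-SYN packets
# (ipchains '! -y'), so it still passes replies to the gateway's own
# outgoing connections while refusing new connections from outside.
HARDENED_CHAIN = [
    Rule("ACCEPT", "tcp", ANY, (1024, 65535), syn_only=False)
    if (r.proto, r.dport) == ("tcp", (1024, 65535)) else r
    for r in POSTED_CHAIN
]

# Constructed packets arriving on the outside interface from 203.0.113.5.
SAMPLE_PACKETS = {
    "ssh_from_outside":      {"proto": "tcp", "src": "203.0.113.5", "dport": 22, "syn": True},
    "postgres_from_outside": {"proto": "tcp", "src": "203.0.113.5", "dport": 5432, "syn": True},
    "new_conn_to_8080":      {"proto": "tcp", "src": "203.0.113.5", "dport": 8080, "syn": True},
    "reply_to_our_client":   {"proto": "tcp", "src": "203.0.113.5", "dport": 40000, "syn": False},
    "udp_to_8000":           {"proto": "udp", "src": "203.0.113.5", "dport": 8000},
}


def compare():
    """Return {packet name: (verdict under posted chain, verdict under hardened chain)}."""
    return {name: (evaluate(POSTED_CHAIN, p), evaluate(HARDENED_CHAIN, p))
            for name, p in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, (posted, hardened) in compare().items():
        print(f"{name:24} posted={posted:7} hardened={hardened}")
```

Run as a script it prints one line per packet. The `new_conn_to_8080` row is the point: the posted chain accepts it, so the REJECT for 5432 protects only that one port, while the `! -y` variant still accepts the `reply_to_our_client` packet and refuses the new connection. The `udp_to_8000` row stays ACCEPT in both, because UDP has no SYN flag and ipchains keeps no connection state; for UDP the usual ipchains-era mitigations were to bind internal-only services to the LAN address or 127.0.0.1, or to qualify the rule with the interface (`-i`) so it applies only to the internal side.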

