On 12/17/2003 8:49 PM, Vortex Bacolod wrote:
Hi pluggers,
Sorry for being so persistent. I'm just not that well versed in iptables yet, which is why I want to use it. I hope you guys can help me.
Here is the situation: I am setting up one firewall server (with one public IP), one DNS server (with one public IP), one web server (also with a public IP) and one mail server (no public IP). All of them run RH 7.3. My question is only about iptables.
The firewall and the DNS server each have 2 NICs.
Firewall (eth0 has public IP x.x.x.x and eth1 has private IP 192.168.0.1)
DNS (eth0 has public IP x.x.x.x and eth1 has private IP 192.168.0.2)
Web server (eth0 has public IP x.x.x.x and eth1 has IP 192.168.0.3)
Mail (eth0 has only a private IP, 192.168.0.4)
Note: private IP 192.168.0.n is the IP address of my workstations.
Here is what I want. All workstations can reach the Internet as long as their gateway points to the firewall, and only a limited set of IP addresses can SSH into my servers. Webmail (SquirrelMail) is installed on the web server, but it hands the mail over to 192.168.0.4 (the mail server). When my local users send email, they go through 192.168.0.4 (except when they are outside, in which case they of course access the webmail on the web server, but the mail is still fetched from 192.168.0.4). But since 192.168.0.4 has no public IP, it still has to go through the firewall. I'm not sure, but I think this is port forwarding.
Here is the current setup of /etc/sysconfig/iptables:
=========Firewall/DNS/WEB/Mail======================
###Workstations are masqueraded for outside connections###
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
###INPUT policies: ALLOW port 80 and 22###
-A INPUT -s 192.168.0.10/32 -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
#ALLOW DNS#
-A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
-A INPUT -p udp -o eth0 --dport 53 -j ACCEPT
#Drop all not defined in the rules above#
-A INPUT -s 0/0 -d 0/0 -p tcp -j DROP
Guys, correct me if I'm wrong, and please don't mock me. I'm not that well versed in iptables. I'm just asking for help.
Marc, I hope you read this. Thanks for your help before. I'm still a bit confused. I hope you can help me again. This time it is by example. I'll understand it better because there is an example.
To others, I'd appreciate some help. Thanks in advance, people.
------------------------------------------------------------------------
-- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
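An /etc/sysconfig/iptables for the firewall host alone, matching the setup described in the post above; this is an added example, not part of the original message or of any reply. It assumes the service to forward to 192.168.0.4 is SMTP (tcp/25), that 192.168.0.10 is the only workstation allowed to SSH in, and that net.ipv4.ip_forward is set to 1.

```iptables
# Added example for the firewall host: eth0 = public side, eth1 = 192.168.0.1.
# Assumptions: forwarded service is SMTP (tcp/25); admin host is 192.168.0.10.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Port forwarding: SMTP arriving on the public interface is rewritten
# to the mail server, which has no public address of its own.
-A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 192.168.0.4:25
# Workstations and the mail server leave with the firewall's public address.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
# Default-drop policies replace the posted catch-all, which matched only
# "-p tcp" and so never dropped UDP or ICMP.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the firewall itself.
-A INPUT -i lo -j ACCEPT
# Replies to connections the firewall opened (its own DNS lookups included).
# This replaces the posted "-A INPUT ... -o eth0 --dport 53" rule: INPUT
# accepts only -i, and iptables refuses to load -o in that chain.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH to the firewall only from the admin workstation on the LAN side.
# The other servers sit on the same /24, so LAN SSH to them never crosses
# the firewall; each needs the same rule in its own INPUT chain.
-A INPUT -s 192.168.0.10 -i eth1 -p tcp --dport 22 -j ACCEPT
# Traffic routed through the firewall.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN to Internet: new connections may only start from the inside.
-A FORWARD -i eth1 -o eth0 -s 192.168.0.0/24 -j ACCEPT
# The DNAT'd SMTP connections; the filter table sees the rewritten
# destination, so the match is on 192.168.0.4, not the public address.
-A FORWARD -i eth0 -o eth1 -d 192.168.0.4 -p tcp --dport 25 -m state --state NEW -j ACCEPT
COMMIT
```

The port 80 rules from the post are left out because the web server has its own public IP and its traffic does not pass through this host.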
