We have a server running in a DMZ servicing intranet and extranet.

In the past we have blocked all traffic originating on the server from the
two internal networks we run (eth1 and eth2) but have accepted traffic
coming from the networks outside of the server.  Eth0 is the direct
connection to the internet and a solid state firewall looks after port
redirection to eth0.  No traffic is blocked on eth0 so that we can apply
patches and updates to the server (Mandriva 2007).  The tables below have
done the job.

We now need to allow access to port 389 (Active Directory) only, from the
DMZ server to an AD server on eth2.  I am no good at this and was wondering
if someone could suggest the change/changes to the rules below to allow
this to happen.
        |-------|
eth2-->-|       |---eth0 <--> Internet
eth1-->-|       |
        |-------|
iptables -A INPUT -m state --state NEW -i eth2 -j ACCEPT
iptables -A INPUT -m state --state NEW -i eth1 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth2 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth2 -j DROP
iptables -A OUTPUT -o eth1 -j DROP

Many thanks in advance.

Rick Phillips
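The smallest change that does what the post asks, as an added example rather than anything from the original thread: the poster's ruleset with one extra OUTPUT line permitting new tcp/389 connections to the AD host, placed ahead of the `-o eth2 -j DROP` rule because iptables stops at the first matching rule. It assumes the OUTPUT chain policy is ACCEPT (implied by the unrestricted eth0 traffic) and uses a placeholder AD_SERVER address; the generator and ordering check are my own so the script can be exercised without root.

```sh
#!/bin/sh
# Added example (not from the original post): the poster's OUTPUT rules plus one
# line allowing the DMZ host to open LDAP (tcp/389) to a single AD server on
# eth2. AD_SERVER is a placeholder (RFC 5737 address); substitute the real host.
AD_SERVER="${AD_SERVER:-192.0.2.10}"

# Rule order matters: iptables stops at the first match, so the ACCEPT must sit
# before "-o eth2 -j DROP". Printing the rules (rather than running them) keeps
# the script testable without root.
good_rules() {
  cat <<EOF
iptables -A INPUT -m state --state NEW -i eth2 -j ACCEPT
iptables -A INPUT -m state --state NEW -i eth1 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth2 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth2 -d $AD_SERVER -p tcp --dport 389 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o eth2 -j DROP
iptables -A OUTPUT -o eth1 -j DROP
EOF
}

# The tempting mistake: appending the new ACCEPT at the end of the existing
# script. It lands after the DROP and never matches, so LDAP still fails.
naive_rules() {
  good_rules | grep -v -e '--dport 389'
  echo "iptables -A OUTPUT -o eth2 -d $AD_SERVER -p tcp --dport 389 -m state --state NEW -j ACCEPT"
}

# rules_in_order <generator>: succeeds only if the tcp/389 ACCEPT precedes the
# first "-o eth2 -j DROP" in the generator's output.
rules_in_order() {
  "$1" | awk '
    /--dport 389/ && /-j ACCEPT/ && !a { a = NR }
    /-o eth2 -j DROP/ && !d { d = NR }
    END { exit !(a && d && a < d) }'
}

# Apply for real only when asked: sh thisfile.sh --apply (as root).
if [ "${1:-}" = "--apply" ]; then
  rules_in_order good_rules && good_rules | sh
fi
```

On a running box the same effect without reloading the whole script is `iptables -I OUTPUT 2 ...` with the new rule, which inserts it at position 2, directly after the RELATED,ESTABLISHED line and ahead of the DROP.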
