LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Debians router questions
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-28-2011, 03:46 PM   #1
razzera
Member
 
Registered: Dec 2009
Posts: 105

Rep: Reputation: 15
Debians router questions

Hello

I followed this guide: http://users.telenet.be/mydotcom/how...uter/linux.htm

To turn my debian machine into a router but my question is the following now:

1: i am wide open right now, right? nor protection?
2: if yes, what would you recommend that i installed to protect myself, what firewall?
3: how do i decide what ports to let trough/deny to wich IP in said firewall?
 
Old 12-29-2011, 05:46 PM   #2
eSelix
Senior Member
 
Registered: Oct 2009
Location: Wroclaw, Poland
Distribution: Arch, Kubuntu
Posts: 1,281

Rep: Reputation: 320Reputation: 320Reputation: 320Reputation: 320
The router means that a machine will redirect packets received from one network to another. It is useless on most desktop PC. So I assume this Debian machine is used for that purpose.
1. Without configured forwarding - not more or less without router.
2. You probably already have a good firewall, it is called iptables. But it is unconfigured by default. For start securing I recommend to block every new incomming connection and allowing only already established, like that:
Code:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
3. It depends what services you want to provide behind router. For example, to allow ssh connection (on standard port 22) from one network connected by eth0 to other on eth1, you must configure port forwarding (if you use NAT):
Code:
iptables -t nat -A PREROUTING -i eth0         -p tcp --dport 22 -j DNAT --to IP_OF_SSH_SERVER_IN_ETH1_NETWORK
iptables        -A FORWARD    -i eth0 -o eth1 -p tcp --dport 22 -d IP_OF_SSH_SERVER_IN_ETH1_NETWORK -m state --state NEW -j ACCEPT
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] old router behind new router, config questions linuxbird Linux - Networking 2 10-31-2010 08:26 AM
What is the process underneath debians automatic network setup? silverblimp Linux - Networking 2 05-25-2009 08:55 PM
Installing and configuring Debians Elzix Linux - Newbie 3 07-02-2007 12:05 PM
How do you start debians gui ? Nicarlo Linux - Newbie 22 08-26-2005 04:32 AM
Will Fedora have an install path like Debians? tenn_eric Fedora 0 12-23-2003 06:57 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 04:20 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration