LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 12-15-2009, 10:20 AM   #1
MikeHammer
Member
 
Registered: Dec 2009
Posts: 61

Rep: Reputation: 15
DMZ and iptables breaks my head!!! Avanced Help please!!!!


Please, somebody can help me???

I ask you apologize for shoot you with this "pack", but before come here I had saw lots of forums and I have used google more than in my life, for resolve this problem...

Could someone checking this script of iptables and says me what's the matter with the rules?? Why I only see the webpages from the IP address of LAN BUT NOT from outside, from Internet??

Now I'm get strong headaches, it's guilt of iptables on a DMZwebserver - LAN - INET from ISP.

Structure
|eth0: Internet ISP DHCP |
|eth1: router-firewall-squid-samba-LAN trusted |
|eth2: DMZ webserver-bind9 |

All the conectivity ethernet and TCP/IP works fine on the network.

After I spend three weeks with this trouble, my ignorance has won!!!!

I know that the IPTABLES script is very long and complex (that not means which to be good... ) BUT FOR THIS REASON I NEED HELP!!!!!!!!!!!
------------Paste script iptables---------------------------

#!/bin/sh

#Debug
#set -x

#
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t nat -Z
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -t mangle -Z

# 1.1 Internet Configuration.
#

INET_IFACE="eth0"
INET_IP=200.xxx.xxx.89
INET_BROADCAST="255.255.255.255"
HTTP_IP=200.xxx.xxx.89
DNS_IP=200.xxx.xxx.89

#
# 1.2 Local Area Network configuration.
#
# your LAN's IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP address. the same as netmask 255.255.255.0
#

LAN_IFACE="eth1"
LAN_IP="192.168.111.1"
LAN_IP_RANGE="192.168.111.0/24"

#
# 1.3 DMZ Configuration.
#

DMZ_HTTP_IP="192.168.222.22"
DMZ_DNS_IP="192.168.222.22"
DMZ_IP="192.168.222.21"
DMZ_IFACE="eth2"
#

#
# 1.4 Localhost Configuration.
#

LO_IFACE="lo"
LO_IP="127.0.0.1"

#
#

#NAMESERVER_1="x.x.x.x"
#NAMESERVER_2="x.x.x.x"
#BROADCAST="x.x.x.255"
#LOOPBACK="127.0.0.0/8"
CLASS_A="10.0.0.0/8"
CLASS_B="172.16.0.0/12"
CLASS_C="192.168.0.0/16"
CLASS_D_MULTICAST="224.0.0.0/4"
CLASS_E_RESERVED_NET="240.0.0.0/5"
P_PORTS="0:1023"
UP_PORTS="1024:65535"
TR_SRC_PORTS="32769:65535"
TR_DEST_PORTS="33434:33523"
#
# 1.5 IPTables Configuration.
#
IPTABLES="/sbin/iptables"
#
# 1.6 Other Configuration.
#
###########################################################################
#
# 2. Module loading.
#
#
# Needed to initially load modules
#
#
/sbin/depmod -a
#
#
# 2.1 Required modules
#
#
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
#
# 2.2 Non-Required modules
#
#/sbin/modprobe ipt_owner
#/sbin/modprobe ipt_REJECT
#/sbin/modprobe ipt_MASQUERADE
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
#/sbin/modprobe ip_nat_ftp
#/sbin/modprobe ip_nat_irc
###########################################################################
#
# 3. /proc set up.
#
#
# 3.1 Required proc configuration
#
# Don't accept source routed packets. Attackers can use source routing to generate
# traffic pretending to be from inside your network, but which is routed back along
# the path from which it came, namely outside, so attackers can compromise your
# network. Source routing is rarely used for legitimate purposes.
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
# Disable broadcast
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Disable ping
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Disable redir ping
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
# Register strange access, fakes ..
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# 3.2 Non-Required proc configuration
#
#echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
#echo "1" > /proc/sys/net/ipv4/conf/all/proxy_arp
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
###########################################################################
#
# 4. rules set up.
#
##########################################################################
######
# 4.1 Filter table
#
# 4.1.1 Set policies
#
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#
# 4.1.2 Create userspecified chains
#
# Create chain for bad tcp packets
#
$IPTABLES -N bad_tcp_packets
#
# Create separate chains for ICMP, TCP and UDP to traverse
#
$IPTABLES -N allowed
$IPTABLES -N tcp_packets
$IPTABLES -N udp_packets
$IPTABLES -N icmp_packets
#
# 4.1.3 Create content in userspecified chains
#
# bad_tcp_packets chain
#
$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK \
-m state --state NEW -j REJECT --reject-with tcp-reset
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
#
# allowed chain
#
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP
#
# FRAGMENTS
# I have to say that fragments scare me more than anything.
# Sending lots of non-first fragments was what allowed Jolt2 to effectively "drown"
# Firewall-1. Fragments can be overlapped, and the subsequent interpretation of such
# fragments is very OS-dependent (see this paper for details).
# I am not going to trust any fragments.
# Log fragments just to see if we get any, and deny them too.
$IPTABLES -A INPUT -i $INET_IFACE -f -j LOG --log-prefix "IPTABLES FRAGMENTS: "
$IPTABLES -A INPUT -i $INET_IFACE -f -j DROP
#
# SPOOFING
# Most of this anti-spoofing stuff is theoretically not really necessary with the flags we
# have set in the kernel above ........... but you never know there isn't a bug somewhere in
# your IP stack.
#
$IPTABLES -A INPUT -i $LO_IFACE -s $LO_IP -j ACCEPT
# Refuse spoofed packets pretending to be from your IP address.
$IPTABLES -A INPUT -i $INET_IFACE -s $INET_IP -j DROP
# Refuse packets claiming to be from a Class A private network.
$IPTABLES -A INPUT -i $INET_IFACE -s $CLASS_A -j DROP
# Refuse packets claiming to be from a Class B private network.
$IPTABLES -A INPUT -i $INET_IFACE -s $CLASS_B -j DROP
# Refuse packets claiming to be from a Class C private network.
$IPTABLES -A INPUT -i $INET_IFACE -s $CLASS_C -j DROP
# Refuse Class D multicast addresses. Multicast is illegal as a source address.
$IPTABLES -A INPUT -i $INET_IFACE -s $CLASS_D_MULTICAST -j DROP
# Refuse Class E reserved IP addresses.
$IPTABLES -A INPUT -i $INET_IFACE -s $CLASS_E_RESERVED_NET -j DROP
# Refuse packets claiming to be to the loopback interface.
# Refusing packets claiming to be to the loopback interface protects against
# source quench, whereby a machine can be told to slow itself down by an icmp source
# quench to the loopback.
$IPTABLES -A INPUT -i $INET_IFACE -d $LO_IP -j DROP
# Refuse broadcast address packets.
$IPTABLES -A INPUT -i $INET_IFACE -d $INET_BROADCAST -j DROP
#
# TCP rules
#
#WWW
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
#$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 443 -j allowed
#
# UDP ports
#
$IPTABLES -A udp_packets -p udp -j LOG
$IPTABLES -A udp_packets -p UDP -s 0/0 --dport 32768 -j DROP
$IPTABLES -A tcp_packets -p UDP -s 0/0 --dport 48639 -j DROP
$IPTABLES -A udp_packets -p udp -j DROP
#
# In Microsoft Networks you will be swamped by broadcasts. These lines
# will prevent them from showing up in the logs.
#
$IPTABLES -A udp_packets -p UDP -i $INET_IFACE -d $INET_BROADCAST \
--destination-port 135:139 -j DROP
#
# If we get DHCP requests from the Outside of our network, our logs will
# be swamped as well. This rule will block them from getting logged.
#
$IPTABLES -A udp_packets -p UDP -i $INET_IFACE -d 255.255.255.255 \
--destination-port 67:68 -j DROP
#
# ICMP rules
#
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
#
# 4.1.4 INPUT chain
#
# Bad TCP packets we don't want.
#
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets

# Packets from LAN, DMZ or LOCALHOST
#

#
# From DMZ Interface to DMZ firewall IP
#
$IPTABLES -A INPUT -p ALL -i $DMZ_IFACE -d $DMZ_IP -j ACCEPT
#
# From LAN Interface to LAN firewall IP
#
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -d $LAN_IP -j ACCEPT
#
# Rules for special networks not part of the Internet
#
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
#
# Special rule for DHCP requests from LAN, which are not caught properly
# otherwise.
#
#$IPTABLES -A INPUT -p UDP -i $LAN_IFACE --dport 67 --sport 68 -j ACCEPT
#
# Rules for incoming packets from the internet.
#
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED \
-j ACCEPT
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
$IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udp_packets
$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
#
# If you have a Microsoft Network on the outside of your firewall, you may
# also get flooded by Multicasts. We drop them so we do not get flooded by
# logs
$IPTABLES -A INPUT -i $INET_IFACE -d 224.0.0.0/8 -j DROP
$IPTABLES -A INPUT -p tcp -s 0/0 --dport 32768 -j DROP
$IPTABLES -A INPUT -p udp -s 0/0 --dport 48639 -j DROP
#
# Log weird packets that don't match the above.
#
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "IPT INPUT packet died: "
#
# 4.1.5 FORWARD chain
#
# Bad TCP packets we don't want
#
#$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
#
# DMZ section
#
# General rules
#
$IPTABLES -A FORWARD -i $DMZ_IFACE -o $INET_IFACE -j ACCEPT
$IPTABLES -A FORWARD -i $INET_IFACE -o $DMZ_IFACE -m state \
--state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $LAN_IFACE -o $DMZ_IFACE -j ACCEPT
$IPTABLES -A FORWARD -i $DMZ_IFACE -o $LAN_IFACE -m state \
--state ESTABLISHED,RELATED -j ACCEPT
#
# HTTP server
#
$IPTABLES -A FORWARD -p TCP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_HTTP_IP \
--dport 80 -j allowed
$IPTABLES -A FORWARD -p ICMP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_HTTP_IP \
-j icmp_packets
#
# DNS server
#
$IPTABLES -A FORWARD -p TCP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_DNS_IP \
--dport 53 -j allowed
$IPTABLES -A FORWARD -p UDP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_DNS_IP \
--dport 53 -j ACCEPT
$IPTABLES -A FORWARD -p ICMP -i $INET_IFACE -o $DMZ_IFACE -d $DMZ_DNS_IP \
-j icmp_packets
#
#
# Accept the packets we actually want to forward
#
$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 80 -j ACCEPT
#DNS
#$IPTABLES -A FORWARD -p tcp --dport 53 -j ACCEPT
#
# Log weird packets that don't match the above.
#
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "IPT FORWARD packet died: "
#
# 4.1.6 OUTPUT chain
#
# Bad TCP packets we don't want.
#
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
#
# Special OUTPUT rules to decide which IP's to allow.
#
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 32768 -j DROP
$IPTABLES -A OUTPUT -p udp --dport 32768 -j DROP
$IPTABLES -A OUTPUT -p tcp --dport 48639 -j DROP
$IPTABLES -A OUTPUT -p udp --dport 48639 -j DROP
$IPTABLES -A OUTPUT -p tcp --sport 32768 -j DROP
$IPTABLES -A OUTPUT -p udp --sport 32768 -j DROP
$IPTABLES -A OUTPUT -p tcp --sport 48639 -j DROP
$IPTABLES -A OUTPUT -p udp --sport 48639 -j DROP

#
# Log weird packets that don't match the above.
#
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
#
# 4.2 nat table
#
# 4.2.4 PREROUTING chain

###SQUID TRANSPARENT PROXY
$IPTABLES -t nat -A PREROUTING -i $LAN_IFACE -s $LAN_IP_RANGE -d $HTTP_IP -p tcp --dport 80 -j REDIRECT --to-ports 3128
#
#WEBSERVER2SQUID#
$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $HTTP_IP --dport 80 \
-j DNAT --to-destination $DMZ_HTTP_IP
$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $DNS_IP --dport 53 \
-j DNAT --to-destination $DMZ_DNS_IP
$IPTABLES -t nat -A PREROUTING -p UDP -i $INET_IFACE -d $DNS_IP --dport 53 \
-j DNAT --to-destination $DMZ_DNS_IP
#
#
#POSTROUTING CHAIN
#
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
#
-------------------END PASTE------------------------------------------

Thanks in advance
 
Old 12-15-2009, 06:34 PM   #2
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Can you please, do: iptables-save, and post output here.

Thanks
 
1 members found this post helpful.
Old 12-15-2009, 09:54 PM   #3
MikeHammer
Member
 
Registered: Dec 2009
Posts: 61

Original Poster
Rep: Reputation: 15
Thanks you... I send ipt.txt (unix format) with iptables output.
Regards
Attached Files
File Type: txt ipt.txt (5.0 KB, 7 views)
 
Old 12-16-2009, 09:10 PM   #4
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Send here please output from router-firewall for: "router -n"

Thanks
 
1 members found this post helpful.
Old 12-16-2009, 09:52 PM   #5
MikeHammer
Member
 
Registered: Dec 2009
Posts: 61

Original Poster
Rep: Reputation: 15
Thanks, nimnull22...

------Paste:

Linux:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
190.xxx.xxx.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.111.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.222.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
0.0.0.0 190.xxx.xxx.1 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.111.1 0.0.0.0 UG 0 0 0 eth1
0.0.0.0 192.168.222.21 0.0.0.0 UG 0 0 0 eth2
Linux:~#

----end paste

Regards
 
Old 12-16-2009, 10:05 PM   #6
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
And what is internet GW IP???
 
Old 12-16-2009, 10:10 PM   #7
MikeHammer
Member
 
Registered: Dec 2009
Posts: 61

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by nimnull22 View Post
And what is internet GW IP???
eth0 190.xxx.xxx.89
From ISP cablemodem DHCP (dinamic, but I have set Zoneedit)
 
Old 12-16-2009, 10:23 PM   #8
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Why do you do this:
PREROUTING -s 192.168.111.0/24 -d 190.xxx.xxx.89/32 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 ?
 
1 members found this post helpful.
Old 12-16-2009, 10:33 PM   #9
MikeHammer
Member
 
Registered: Dec 2009
Posts: 61

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by nimnull22 View Post
Why do you do this:
PREROUTING -s 192.168.111.0/24 -d 190.xxx.xxx.89/32 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128 ?
For squid transparent proxy on LAN clients
 
Old 12-16-2009, 10:41 PM   #10
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
For example you're going to 208.69.32.230 (google) = -d will be 208.69.32.230, and packets will miss your rule.

Am I right?

What was a purposes of that transparent proxy for LAN?

Last edited by nimnull22; 12-16-2009 at 10:56 PM.
 
1 members found this post helpful.
Old 12-16-2009, 10:55 PM   #11
MikeHammer
Member
 
Registered: Dec 2009
Posts: 61

Original Poster
Rep: Reputation: 15
Squid accelerates page loading as a proxy ... and as a "transparent" avoids having to configure each client with the proxy port 3128. For that cause is the rule in iptables: to force LAN clients to make requests through 3128...

Last edited by MikeHammer; 12-16-2009 at 11:00 PM.
 
Old 12-16-2009, 10:57 PM   #12
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Are you sure that request will reach squid?

Tell what happen with request: 208.69.32.230:80

Last edited by nimnull22; 12-16-2009 at 11:00 PM.
 
1 members found this post helpful.
Old 12-16-2009, 11:12 PM   #13
MikeHammer
Member
 
Registered: Dec 2009
Posts: 61

Original Poster
Rep: Reputation: 15
That address (OPENDNS) don't works, because wants to load some software incompatible... but 209.85.195.147 (google) works perfectly...
 
Old 12-16-2009, 11:28 PM   #14
nimnull22
Senior Member
 
Registered: Jul 2009
Distribution: OpenSuse 11.1, Fedora 14, Ubuntu 12.04/12.10, FreeBSD 9.0
Posts: 1,571

Rep: Reputation: 92
Quote:
Originally Posted by MikeHammer View Post
That address (OPENDNS) don't works, because wants to load some software incompatible... but 209.85.195.147 (google) works perfectly...
It was just an example IP. The question was, will request go through squid.

Last edited by nimnull22; 12-16-2009 at 11:30 PM.
 
1 members found this post helpful.
Old 12-16-2009, 11:42 PM   #15
MikeHammer
Member
 
Registered: Dec 2009
Posts: 61

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by nimnull22 View Post
It was just an example IP. The question was, will request go through squid.
Mmmm, no... When I said "Why I only see the webpages from the IP address of LAN BUT NOT from outside, from Internet??", I mean that the webpages of my site on DMZ 192.168.222.22 (webserver) only are see if I write the URL 192.168.222.22, BUT if I write www.mysite.com the pages don't see. This happens inside LAN. Outside LAN from Internet, the pages don't see....
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptables and DMZ scroogie Linux - Networking 2 02-28-2008 06:39 AM
iptables DMZ garnser Linux - Security 2 12-15-2007 01:14 AM
question about iptables (DMZ machine connect to other DMZ machine 's publuic IP) wingmak Linux - Security 1 01-20-2007 05:01 PM
iptables + DMZ Braytac Linux - Networking 3 10-06-2006 06:57 AM
IPTABLES and DMZ Host htimst Linux - Security 1 12-21-2001 08:04 AM


All times are GMT -5. The time now is 08:55 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration