iptables setup

xenny123 · 02-05-2010, 12:57 PM

Hi,
I'm using Slackware 13, kernel 2.6.29.6-smp. I'm running Apache, MySQL, UPnP server, DAA server, Samba, TorrentFlux and want SSH access.
My server will be placed in the DMZ of my router, and so I would like to drop all traffic from the internet unless it's for:

- Apache (port 80)
- SSH (port 22)
- TorrentFlux (BitTornado, 49160-49300)

But, internally I would like it drop all traffic except for:

- Apache (port 80)
- MySQL (port 3306)
- SSH (port 22)
- Samba (ports 139 and 445)
- DAA Server (3689)
- UPnP Server (5001)

Is this feasable? Or am I missing something crucial? I do know there are mountains of documentation for iptables but I don't have spare time to trawl through it all so any help is much appreciated.

Weird0ne · 02-05-2010, 02:53 PM

Does your computer have 2 NIC cards?

If not, DMZ on most routers disallow the internal network from accessing the DMZ'd computer since it get's a DHCP address from your ISP.

xenny123 · 02-05-2010, 03:26 PM

Only the one NIC card, all machines on internal network are able to access the machine in DMZ, it receives IP from router DHCP, so I assume that by DMZ, the router just routes all inbound packets from net to the assigned IP?
Not too sure, but can confirm that all internal machines can access all open ports.

xenny123 · 02-08-2010, 03:58 AM

If this is not possible, what alternatives for firewall protection are available?

Weird0ne · 02-10-2010, 05:18 PM

If there's no problem with the internal network reacing the DMZ machine what's preventing a simple iptables firewall?