Need help with ports....
Well guys, I want to block remote desktop access on my intranet....
I'm running RHEL4 as my distro and iptables for the firewall.......
########################## my iptable file ###############################
*filter
:INPUT ACCEPT [65:6072]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 172.16.1.0/255.255.0.0 -i eth0 -d 192.168.0.0/24 -p tcp -j ACCEPT
-A FORWARD -s 172.16.1.0/255.255.0.0 -i eth0 -d 192.168.0.0/24 -o eth1 -p tcp -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -d 172.16.1.0/255.255.0.0 -o eth0 -s 192.168.0.0/24 -i eth1 -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j ACCEPT -p all -s 172.16.1.0/255.255.0.0 -i eth0
-A OUTPUT -j ACCEPT -p all -d 172.16.1.0/255.255.0.0 -o eth0
COMMIT
*nat
:PREROUTING ACCEPT [14:2040]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 172.16.1.0/16 -o eth1 -j MASQUERADE
COMMIT
################################ end #################################
eth0 - I use it as a proxy address for surfing on the LAN
eth1 - I use it as the gateway for the LAN
My modem connection is on eth0
I used this line in my iptables later but it didn't work:
iptables -A INPUT -p tcp -s 172.16.1.0/16 --dport 3389 -j DROP
Anyone, please help me. Is there something wrong with my iptables file or the command? How should I do it?
Thanks in advance.
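
Added example, not part of the original post: a small Python model of iptables first-match evaluation over the INPUT chain posted above, showing that a DROP appended with -A lands after the ACCEPT for all traffic from 172.16.1.0/255.255.0.0 on eth0 and is never reached for packets arriving on that interface. The packet addresses and helper names are constructed for illustration; only the rule fields come from the post.

```python
import ipaddress

# INPUT chain as posted, followed by the appended DROP rule.
# Fields: (source, in_iface, destination, proto, dport, target); None = any.
INPUT_RULES = [
    ("172.16.1.0/255.255.0.0", "eth0", "192.168.0.0/24", "tcp", None, "ACCEPT"),
    ("172.16.1.0/255.255.0.0", "eth0", None, "all", None, "ACCEPT"),
    ("172.16.1.0/16", None, None, "tcp", 3389, "DROP"),  # added with -A
]
POLICY = "ACCEPT"  # from ":INPUT ACCEPT" in the posted file

def in_net(addr, net):
    """True if addr is inside net; host bits in net are masked like iptables does."""
    if net is None:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def rule_matches(rule, pkt):
    src, iface, dst, proto, dport, _target = rule
    return (in_net(pkt["src"], src) and in_net(pkt["dst"], dst)
            and iface in (None, pkt["in"])
            and proto in ("all", pkt["proto"])
            and dport in (None, pkt["dport"]))

def evaluate(rules, pkt, policy=POLICY):
    """Return (target, rule_index) of the first match; index None = chain policy."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule[-1], i
    return policy, None

def insert_first(rules, rule):
    """Model of `iptables -I INPUT 1 ...`: the rule goes to the top of the chain."""
    return [rule] + list(rules)

# Constructed packets: a LAN client reaching the firewall itself on eth0.
RDP = {"src": "172.16.5.10", "dst": "172.16.1.1", "in": "eth0",
       "proto": "tcp", "dport": 3389}
SSH = dict(RDP, dport=22)

if __name__ == "__main__":
    print("appended DROP :", evaluate(INPUT_RULES, RDP))
    fixed = insert_first(INPUT_RULES[:2], INPUT_RULES[2])
    print("inserted DROP :", evaluate(fixed, RDP))
    print("other traffic :", evaluate(fixed, SSH))
```

Connections routed through the box to other hosts traverse the FORWARD chain rather than INPUT, so the same ordering check applies there.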