|
Networking/ pix firewall issue.
Wonder if anyone can help.
My LAN comprises fo the internal, DMZ and external zones. This are controlled by pix 515 firewall. In the internal zone, we have router(64k lease line) to another company(A). If i were to allow the company(A) to ftp into one of our LAN server, how can i secured our server for ftp access only from company(A) ?? Right now, pix firewall is only able to secure access for DMZ and external zone. Because the router is in the internal zone and connect to company(A) via lease line. Wouldn't access via ftp allows company(A) to access all our internal servers ?? Pls advise. ;) |
Simple make an iptables script like this.
#!/bin/bash echo "Setting up IP Tables: /etc/iptables" modprobe ip_tables modprobe ip_conntrack # Flush Rules, get rid of any user-defined chains, zero counters: iptables -F iptables -F -t nat iptables -X iptables -Z # Set policies for all pre-defined chains: iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP iptables -A INPUT -p tcp –dport 21,20 -s <company A IP(s)> -j ACCEPT iptables -A OUTPUT -p tcp -s <company A IP(s)> -j ACCEPT Just fill in the appropriate IPs or range of IPs. Thats should work but it is not ultra secure. So your mileage may vary. |
| All times are GMT -5. The time now is 09:13 AM. |