Networking / PIX firewall issue
Wonder if anyone can help.
My LAN comprises the internal, DMZ and external zones.
These are controlled by a PIX 515 firewall. In the internal zone, we have a router (64k leased line) to another company (A). If I were to allow company (A) to FTP into one of our LAN servers, how can I secure our server for FTP access only from company (A)?
Right now, the PIX firewall is only able to secure access for the DMZ and external zones, because the router is in the internal zone and connects to company (A) via the leased line. Wouldn't access via FTP allow company (A) to access all our internal servers? Please advise.
Simply make an iptables script like this.
#!/bin/sh
echo "Setting up IP Tables: /etc/iptables"
# Flush rules, get rid of any user-defined chains, zero counters:
iptables -F
iptables -X
iptables -Z
# Set policies for all pre-defined chains:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# FTP control channel (port 21) only from company A:
iptables -A INPUT -p tcp --dport 21 -s <company A IP(s)> -j ACCEPT
# Replies and FTP data connections (active mode from port 20, passive mode
# via the ip_conntrack_ftp/nf_conntrack_ftp helper), only from company A:
iptables -A INPUT -p tcp -s <company A IP(s)> -m state --state ESTABLISHED,RELATED -j ACCEPT
# Outbound to company A (the OUTPUT policy above drops everything else):
iptables -A OUTPUT -p tcp -d <company A IP(s)> -j ACCEPT
Just fill in the appropriate IPs or range of IPs. That should work, but it is not ultra secure, so your mileage may vary.
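As an added example (not the original poster's script), here is a fuller version of the same host-firewall approach for the FTP server: a dry-run generator so the rule set can be reviewed before it is applied, conntrack with the kernel FTP helper so the data channels are tracked rather than opened wide, and a log rule that records FTP attempts from anywhere other than company A. The partner network and server address are constructed placeholders.

```shell
#!/bin/sh
# Added example: restrict FTP on one LAN server to a single partner network.
# PARTNER_NET and SERVER_IP are constructed placeholder values.
PARTNER_NET="${PARTNER_NET:-192.0.2.0/24}"   # company A's side of the leased line
SERVER_IP="${SERVER_IP:-10.0.0.10}"          # the FTP server's own address
LOG_PREFIX="ftp-denied: "

# Print the rule set instead of applying it, so it can be reviewed or tested.
ftp_rules() {
    net="$1"; srv="$2"
    cat <<EOF
iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -t raw -A PREROUTING -p tcp -d $srv --dport 21 -j CT --helper ftp
iptables -A INPUT -p tcp -s $net -d $srv --dport 21 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -s $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m limit --limit 5/min -j LOG --log-prefix "$LOG_PREFIX"
EOF
}

# The CT rule above binds the FTP helper explicitly (newer kernels no longer
# assign helpers automatically), so PORT/PASV data connections match RELATED
# in both directions instead of needing a wide port range opened.
load_ftp_helper() { modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp; }

apply_rules() { ftp_rules "$1" "$2" | sh; }

# How many generated rules explicitly name the partner network (review aid).
count_partner_rules() { ftp_rules "$1" "$2" | grep -cF -- "$1"; }

if [ "${1:-}" = "apply" ]; then
    load_ftp_helper
    apply_rules "$PARTNER_NET" "$SERVER_IP"
else
    ftp_rules "$PARTNER_NET" "$SERVER_IP"   # dry run: print only
fi
```

Run with `apply` as root to load the rules; without it the script only prints them, and anything hitting the LOG rule is a connection from outside company A that the default policy then drops.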