config firewall for internal http and https
Hi
I have to do the following on a LINUX firewall using iptables: "Provide access through the firewall to the webserver from address on the internal network using http and https. I then need to block access through the firewall from all other sources and to all other ports." Having investigated this, I am somewhat confused as to how to configure the firewall to do this. I have found two options, but am not sure which it is:

    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
    iptables -A FORWARD -j LOG
    iptables -A FORWARD -j DROP

OR it is this:

    iptables -A INPUT -i $ETHERNET -p tcp -d $MYIP --dport 80 -j ACCEPT
    iptables -A OUTPUT -o $ETHERNET -p tcp -s $MYIP --sport 80 ! --syn -j ACCEPT
    iptables -A INPUT -i $ETHERNET -p tcp -d $MYIP --dport 22 -s $MYNET -j ACCEPT
    iptables -A OUTPUT -o $ETHERNET -p tcp -s $MYIP --sport 22 -d $MYNET ! --syn -j ACCEPT

Can someone help me? I am new to this and am confused about what the difference is, but I only want to enable internal traffic, not external. I look forward to some replies.

Dales79
To allow external traffic through the firewall to an internal LAN machine you would use a command like this for a TCP port. Replace xxx.xxx.xxx.xxx with your external WAN IP and yyy.yyy.yyy.yyy with the internal LAN server IP:

    iptables -t nat -A PREROUTING -i eth0 -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to-destination yyy.yyy.yyy.yyy:80

The first section you have opens the 443 port on the external NIC of the firewall. Not needed unless you are providing the service on the firewall. The second would work with a few other lines. You can learn a lot of iptables stuff here, as well as by looking at many prewritten scripts. Many have good remarks throughout for ease of understanding.

http://www.linuxguruz.com/iptables/
http://www.netfilter.org/
http://iptables-tutorial.frozentux.n...-tutorial.html

Hope this helps.

Brian1
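As an added example (not part of either post above), here is the complete rule set the question asks for, written as a shell function: a default-deny FORWARD chain that passes new HTTP/HTTPS connections only from the internal network to the webserver, lets the replies back through with connection tracking, and logs then drops everything else. The interface names (eth0 WAN, eth1 LAN), the internal network 192.168.1.0/24, the webserver address 10.0.0.10 and the WAN address 203.0.113.5 are all assumptions; substitute your own. The DNAT block from Brian1's reply is included as an optional part, together with the FORWARD rule that must accompany it, since DNAT only rewrites the destination address and the packet is still subject to the FORWARD policy. By default the script prints the commands; run it as root with IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example: iptables rule set for "internal network -> webserver on 80/443,
# drop everything else". Not from the thread; all addresses below are assumed.
# Default is a dry run that prints the commands; IPT=iptables applies them.
: "${IPT:=echo iptables}"
WAN_IF="eth0"              # assumed external interface
LAN_IF="eth1"              # assumed internal interface
LAN_NET="192.168.1.0/24"   # assumed internal network
WEB_IP="10.0.0.10"         # assumed webserver reached through the firewall
# WAN_IP is only needed for the optional DNAT case (e.g. WAN_IP=203.0.113.5).

webserver_rules() {
    # Start from a clean table and default-deny: anything not explicitly
    # accepted below is dropped by the chain policy.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Traffic to the firewall itself: loopback and replies to its own connections.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Traffic through the firewall: return packets of connections already allowed.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New HTTP and HTTPS connections, only from the internal network to the webserver.
    for port in 80 443; do
        $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -d "$WEB_IP" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # Optional (Brian1's case): reach the same server from the Internet via DNAT.
    # DNAT only rewrites the destination; FORWARD must still accept the packet.
    if [ -n "${WAN_IP:-}" ]; then
        for port in 80 443; do
            $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$WAN_IP" --dport "$port" \
                -j DNAT --to-destination "$WEB_IP:$port"
            $IPT -A FORWARD -i "$WAN_IF" -d "$WEB_IP" -p tcp --dport "$port" \
                -m state --state NEW -j ACCEPT
        done
    fi

    # Everything else through the firewall: log (rate-limited), then drop.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
    $IPT -A FORWARD -j DROP
}

# Print (default) or apply (IPT=iptables, as root) the rule set.
webserver_rules
```

Check the result with `iptables -L FORWARD -v -n --line-numbers`: the ESTABLISHED,RELATED rule should sit first, the two port rules next, and LOG followed by DROP last, so that a new connection from any other source or to any other port never reaches an ACCEPT.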