Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Hello people, I would like to ask for help in configuring my iptables firewall. Any help would be appreciated.
Here is the setup.
I have a Linksys router that shares the internet connection in my house, and I have a DSL line with a dynamic IP address. They say that the router has firewall capability, but I want to make a Linux firewall, because I know that it is better.
I would like to put my firewall between the router and my network to ensure security.
I have read some FAQs, docs and HOWTOs on iptables and came up with this script; please tell me if there are things I need to change, because I can't browse the internet on the firewall.
I haven't connected the local network yet because I want to test the firewall by itself first.
To allow others to use the internet from behind your Linux router, you would need to add a MASQUERADE rule. As you have successfully built a firewall script with some reading, I would leave the onus on you to do some more reading to get the MASQUERADE in place.
You would also need to enable IP forwarding, in one of the following ways:
edit /etc/sysctl.conf and add/modify the following parameter
Yes, I forgot the model, but it also has firewall capabilities that I can turn off.
From the script, do you think that there is something wrong in it? BTW, thanks for the reply.
Firewalling a box behind a firewall is a good idea, but putting a firewall/router there and having it NAT the LAN behind it is not so good. That comes under NATing a NAT, which is not a good practice.
You will have fewer network problems if you leave the Linksys up and firewall each box itself.
# Allow www outbound to 80.
iptables -A INPUT -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
# Allow www outbound to 443.
iptables -A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
I can now surf, provided that I know the IP address of the site that I'm going to.
I know that it's a DNS problem, and I added logging at the end of my script to solve it, but when I booted up again in the CLI the monitor is clogged up by logs continuously and I can't see the shell. Is there a way to stop the logging from showing on my monitor so I can just look at the logs in /var/log like other normal Linux users do?