LinuxQuestions.org
Old 01-29-2007, 11:02 AM   #1
Gemenii
LQ Newbie
 
Registered: Jan 2007
Posts: 1

Rep: Reputation: 0
firewall - iptables


Hello, can anyone help me with a firewall? I'm a newbie with these things, so I don't know very well...

Ok, here is my setup. I have 5 IP addresses.

70.147.94.242 to 70.147.94.246

70.147.94.241 is my gateway to the world.

Elvis has 3 network cards in him. The first is connected to the
Internet. It will have to carry all 5 of my IP addresses. The
second card is connected to a private network. The private network
is in the 192.168.2.x range. The second card has a fixed address of
192.168.2.1. The third network card is to be used as an extremely
limited network. It can't talk to anything but the Internet. It CAN
NOT talk to the subnet on the 2nd card. The third network card is in
the 192.168.3.x range with the third NIC having a fixed IP of
192.168.2.3.

The public IP addresses have the following services...

70.147.94.242
(A) Accepts NO incoming connections. It should be a tarpit to
anything that tries to connect to it.
(B) This is my NAT address. The subnet on 192.168.2.x (second NIC)
will use this address for all outgoing traffic.

70.147.94.243
(A) Accepts HTTP and HTTPS - may support WebDav for selected addresses
(B) Accepts POP3 and SMTP
(C) Accepts FTP (from selected address only - port knocking perhaps)
(D) Accepts Squid

70.147.94.244
Should be a tar pit

70.147.94.245
Should be a tar pit

70.147.94.246
(A) Accepts SSH
(B) Accept IRC ports (4400, 6667, and 6668)

192.168.2.1
(A) SSH
(B) DNS (caching only)
(C) DHCP
(D) FTP
(E) HTTP
(F) HTTPS
(G) WebDav
(H) NAT for the entire subnet - 70.147.94.242 is what the subnet
should use for its outgoing address
(I) Squid - transparent proxy although authentication is possible

192.168.2.3
(A) DNS (caching only)
(B) DHCP

Of course if anyone attempts to brute force any of the services
(connects more than X times per second) I want their address to be
blocked and any connection states that currently have to be dropped.

I think that about covers it.
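One way to write the ruleset described in this post as a plain iptables script, added here as an example (not code from the thread or from fwbuilder). It assumes eth0/eth1/eth2 as the public, private and isolated NICs, 192.168.3.0/24 on the third NIC, Squid on 3128, and "5 new connections per 10 seconds per source" as the brute-force threshold; run it as root with APPLY=1 to load the rules, otherwise it only prints them.

```sh
#!/bin/sh
# Added example for post #1. Interface names, the 192.168.3.0/24 subnet on the
# third NIC, Squid on 3128 and the rate-limit thresholds are assumptions.
# Rules are printed unless APPLY=1 is set (applying them needs root).
PUB_IF=eth0; LAN_IF=eth1; ISO_IF=eth2            # assumed interface names
NAT_IP=70.147.94.242                             # NAT source; accepts nothing
SRV_IP=70.147.94.243; SSH_IP=70.147.94.246       # web/mail/proxy; SSH/IRC
LAN_NET=192.168.2.0/24; ISO_NET=192.168.3.0/24   # ISO_NET is assumed

ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

# Accept one TCP port on one public IP. A source that already opened 5 new
# connections in the last 10 s is dropped, and every further attempt refreshes
# the timer, which is the "block brute forcers" behaviour post #1 asks for.
allow_tcp() { # allow_tcp <dst-ip> <port> <recent-list-name>
    ipt -A INPUT -d "$1" -p tcp --dport "$2" -m conntrack --ctstate NEW \
        -m recent --name "$3" --update --seconds 10 --hitcount 5 -j DROP
    ipt -A INPUT -d "$1" -p tcp --dport "$2" -m conntrack --ctstate NEW \
        -m recent --name "$3" --set -j ACCEPT
}
apply_rules() {
    ipt -F; ipt -t nat -F
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # .243: HTTP, HTTPS, POP3, SMTP, Squid.  .246: SSH and the IRC ports.
    for p in 80 443 110 25 3128; do allow_tcp "$SRV_IP" "$p" "srv$p"; done
    for p in 22 4400 6667 6668; do allow_tcp "$SSH_IP" "$p" "ssh$p"; done
    # 192.168.2.1 side: FTP, SSH, DNS, HTTP, HTTPS for the private subnet.
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp -m multiport --dports 21,22,53,80,443 -j ACCEPT
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
    # DHCP discovers come from 0.0.0.0, so port 67 gets no source filter.
    ipt -A INPUT -i "$LAN_IF" -p udp --dport 67 -j ACCEPT
    ipt -A INPUT -i "$ISO_IF" -p udp -m multiport --dports 53,67 -j ACCEPT
    # Forwarding: the private subnet goes out NATed as .242; the third NIC may
    # reach the Internet only and is explicitly cut off from the 2nd subnet.
    ipt -A FORWARD -i "$LAN_IF" -o "$PUB_IF" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$ISO_IF" -o "$LAN_IF" -j DROP
    ipt -A FORWARD -i "$ISO_IF" -o "$PUB_IF" -s "$ISO_NET" -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$PUB_IF" -s "$LAN_NET" -j SNAT --to-source "$NAT_IP"
    ipt -t nat -A POSTROUTING -o "$PUB_IF" -s "$ISO_NET" -j SNAT --to-source "$NAT_IP"
    # .242, .244 and .245 fall through to the DROP policy; the TARPIT target
    # from xtables-addons can stand in for that DROP on those three addresses.
}

apply_rules
```

Squid as a transparent proxy and the "drop existing connection states" part of the request need a REDIRECT rule and conntrack tooling on top of this; the DROP with a refreshed timer at least stops new attempts from a blocked source.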
 
Old 01-29-2007, 03:37 PM   #2
kremers78
Member
 
Registered: Nov 2006
Distribution: slackware 11.0
Posts: 40

Rep: Reputation: 15
The last time I had to control a network like that with iptables I used fwbuilder.
It's a nice frontend for an iptables-based firewall, and when I'm looking at a network like yours, I think you can manage that with this great tool.
 
Old 01-30-2007, 11:58 AM   #3
alienux
Member
 
Registered: Sep 2006
Location: Dayton, Ohio
Distribution: Slackware 12, Fedora Core, PCLinuxOS
Posts: 194

Rep: Reputation: 30
I'll second the suggestion for fwbuilder. I come from a Checkpoint background, and fwbuilder is the only firewall interface I have found that I like as much (other than the FortiGate boxes that I have deployed at some clients now). Fwbuilder with iptables, and kiwisyslog viewer for color coding logs is a great combination.
 
Old 01-31-2007, 02:24 AM   #4
kremers78
Member
 
Registered: Nov 2006
Distribution: slackware 11.0
Posts: 40

Rep: Reputation: 15
Quote:
Originally Posted by alienux
I'll second the suggestion for fwbuilder. I come from a Checkpoint background, and fwbuilder is the only firewall interface I have found that I like as much (other than the FortiGate boxes that I have deployed at some clients now). Fwbuilder with iptables, and kiwisyslog viewer for color coding logs is a great combination.

Didn't know that last one... gonna take a look at it!
 