Please give me some firewall (iptables or ipchains) rules for my DNS, web & mail server
I have installed DNS, web (Apache) and mail (Sendmail) on the same IBM server running Red Hat Enterprise 3 ES, but my firewall is very weak. Can anyone send me some firewall (iptables or ipchains) rules for my DNS, web & mail server? Fahad
Hi Fahad... you'll need to provide a little more information.
What network interfaces are there?
Is the box directly internet facing or is there a f/w?
Do you need any shell access configured?
Do you use SSL on your webserver?
Is your DNS internal only?
1. There is only one interface, to the ISP.
2. There is the Linux built-in f/w.
3. Yes, shell/SSH access is configured.
4. No, there is no SSL on the web server.
5. There are 2 DNS servers (primary & secondary) from the ISP, and I have also configured an NS for web & mail on the same IBM server.
ok, so you require the following...
SSH access (we will assume open access internally and restrict access to one IP externally)
HTTPD access (no SSL)
Local DNS with forwarding to the specified DNS servers
Internal i/face is eth0, external is eth1
POP access only internally
You will need the following rules...
A.B.C.D above is the IP of the host that is allowed to ssh to this server from outside. You can change this to CIDR notation if you don't have a fixed IP for this host.
How do I block it with the proxy, I mean Squid?
Thanks for that firewall :cool:
I am running my internet gateway on Red Hat 9 and also running a transparent proxy with Squid, but I can't block MSN and Yahoo Messenger. How do I block them with the proxy, I mean Squid?
I doubt they're going through port 80 anyway, so you'd be better off just blocking whatever domain they authenticate through in iptables.
Just drop everything with either a source or destination of the particular domain. If you use Wireshark on your proxy, you can watch the authentication handshake in progress and take note of the domains.
If I take nowonmai's script and modify it the way I read it......
- I made the following changes because it sounds like you are running external-facing DNS
- You don't want to spam the logs and create a DoS
- You can't have -o lo on the INPUT chain (probably a typo)
- Blocked MSN and AOL (only if we are the gateway, but we aren't, because we haven't written any NAT rules, so the last 2 lines are probably useless anyway)
- Set the variable $IPT
Anyway, there are a million different ways to do things; this is just two of them.
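As an added example for this thread (not nowonmai's rules or the modified script, neither of which survives on this page), here is a script that implements the requirement list from the earlier reply (SSH open inside / one host outside, HTTP without SSL, SMTP from anywhere, POP3 internal only, DNS answering on both interfaces) with the points from the last reply folded in: an $IPT variable, -i lo on INPUT, rate-limited logging, and a FORWARD-chain helper for blocking a messenger login host that only matters on a gateway. The interface names (eth0 internal, eth1 external), the A.B.C.D placeholder and the example hostname are assumptions. With IPT unset it only prints the commands so you can review them before applying.

```shell
#!/bin/sh
# Added example for this thread, not nowonmai's original rules. Assumes
# eth0 = internal LAN, eth1 = ISP link (as the reply states); A.B.C.D is a
# placeholder for the single outside host allowed to ssh in.
#
# Dry run by default: with IPT unset the script only prints the iptables
# commands so they can be reviewed. Apply as root with something like:
#   IPT=/sbin/iptables SSH_ADMIN=203.0.113.7 sh firewall.sh
IPT="${IPT:-echo /sbin/iptables}"   # left unquoted below so "echo /sbin/iptables" splits
INT_IF="${INT_IF:-eth0}"
EXT_IF="${EXT_IF:-eth1}"
SSH_ADMIN="${SSH_ADMIN:-A.B.C.D}"   # may be CIDR, e.g. 203.0.113.0/24, if the admin IP is not fixed

firewall_rules() {
    # Flush and default-deny inbound. FORWARD is dropped too: this host is a
    # server, not a gateway, and no NAT is configured.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback. INPUT only sees the inbound interface, so it is -i lo, never -o lo.
    $IPT -A INPUT -i lo -j ACCEPT

    # Replies to connections this box opened (including its DNS forwarding to
    # the ISP resolvers) and later packets of flows already accepted.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m state --state INVALID -j DROP

    # SSH: open internally, exactly one host externally.
    $IPT -A INPUT -i "$INT_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -p tcp -s "$SSH_ADMIN" --dport 22 -m state --state NEW -j ACCEPT

    # Web: HTTP only, there is no SSL on this server.
    $IPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # Mail: SMTP from anywhere (or nobody can deliver to you); POP3 internal only.
    $IPT -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT
    $IPT -A INPUT -i "$INT_IF" -p tcp --dport 110 -m state --state NEW -j ACCEPT

    # DNS: this box is the NS for the web/mail zone, so queries arrive from the
    # Internet as well as the LAN. Forwarding to the ISP resolvers is a
    # named.conf setting; those replies come back under ESTABLISHED above.
    $IPT -A INPUT -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT

    # Log the rest, rate-limited so a packet flood cannot fill /var/log and
    # become a self-inflicted DoS; then drop (the policy would anyway).
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: "
    $IPT -A INPUT -j DROP
}

# For the messenger question: only meaningful on the gateway box that forwards
# LAN traffic (this server does not forward). iptables resolves a hostname once,
# when the rule is added, so re-run this if the service's address changes.
block_host() {
    $IPT -A FORWARD -s "$1" -j DROP
    $IPT -A FORWARD -d "$1" -j DROP
}

firewall_rules
```

Run it once without IPT set and read the output; every line must be a rule you can justify. Then run it with IPT=/sbin/iptables from a console or from an internal SSH session, never from the one external address you are about to restrict, and save the result with `service iptables save` so it survives a reboot.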