
chuck77 05-20-2003 03:26 AM

Networking/ pix firewall issue.
Wonder if anyone can help.

My LAN comprises the internal, DMZ and external zones.
These are controlled by a PIX 515 firewall. In the internal zone, we have a router (64k leased line) to another company (A). If I were to allow company (A) to FTP into one of our LAN servers, how can I secure our server for FTP access only from company (A)?

Right now, the PIX firewall is only able to secure access for the DMZ and external zone, because the router is in the internal zone and connects to company (A) via the leased line. Wouldn't access via FTP allow company (A) to access all our internal servers? Pls advise.


tarballedtux 05-21-2003 03:50 PM

Simple, make an iptables script like this.

#!/bin/sh
echo "Setting up IP Tables: /etc/iptables"

modprobe ip_tables
modprobe ip_conntrack

# Flush Rules, get rid of any user-defined chains, zero counters:
iptables -F
iptables -F -t nat
iptables -X
iptables -Z

# Set policies for all pre-defined chains (default deny):
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Replies to connections already accepted (uses the ip_conntrack module loaded above):
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# New FTP control (21) and active-mode data (20) connections, only from company A.
# --dport takes a single port; a list needs the multiport match.
iptables -A INPUT -p tcp -m multiport --dports 20,21 -s <company A IP(s)> -m state --state NEW -j ACCEPT
# Outbound traffic from this server only towards company A (-d, not -s, on OUTPUT):
iptables -A OUTPUT -p tcp -d <company A IP(s)> -j ACCEPT

Just fill in the appropriate IPs or range of IPs. That should work but it is not ultra secure. So your mileage may vary.
