11-27-2005, 09:08 AM
|
#1
|
Member
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 676
Rep:
|
Simple question about firewalls
I have a simple router setup, using the following
eth0 = local
eth1 = external
I want to be able to ftp and ssh the router from the internet so I set the rules to accept those two and then drop everything else on eth1.
What about eth0? I have a local webserver on port 8080. Should I use the same procedure... I mean, block everything except port 8080?
Note: I used my Linux box before with only one interface, but now I added a second computer and I want to set up my firewall. I will set up NAT later.
|
|
|
11-27-2005, 09:19 AM
|
#2
|
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458
Rep:
|
The only controls you will need on eth0 are outgoing restrictions, e.g. blocking access to external services.
For users on eth0 they will need SNAT on eth1 to be able to access the internet, and make sure ip_forward is on.
|
|
|
11-27-2005, 09:24 AM
|
#3
|
Member
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 676
Original Poster
Rep:
|
OK, thanks, I got that. Another question, if you do not mind: do I need to set up established and state for a state firewall, or can I do it without them?
|
|
|
11-27-2005, 10:02 AM
|
#4
|
Senior Member
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458
Rep:
|
Usually you need to allow ESTABLISHED & RELATED if you have a DROP policy. It saves many port by port rules.
NEW connections have to be handled one by one in the rules.
|
|
|
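The setup discussed in posts #2 and #4 (DROP policy, ESTABLISHED and RELATED accepted, NEW connections allowed port by port, SNAT on eth1), written out as an added example that is not part of any post in the thread. The function names, the `conntrack` match syntax and the external address 203.0.113.10 are assumptions; the address is a constructed placeholder.

```shell
#!/bin/sh
# Added example. Prints an iptables-restore ruleset; nothing is applied here.
# From the thread: eth0 = LAN, eth1 = internet, FTP and SSH allowed in on eth1.
# Assumed: 203.0.113.10 is a constructed placeholder for the router's external IP.

router_rules() {
    lan=${1:-eth0}; wan=${2:-eth1}; wan_ip=${3:-203.0.113.10}
    wan_ports=${4:-"21 22"}   # TCP ports that accept NEW connections on the WAN side

    # FTP data connections only count as RELATED when the FTP conntrack helper
    # is attached to the control connection (needs the nf_conntrack_ftp module).
    case " $wan_ports " in *" 21 "*)
        printf '%s\n' '*raw' \
            "-A PREROUTING -i $wan -p tcp --dport 21 -j CT --helper ftp" 'COMMIT' ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
EOF
    # With a DROP policy, each NEW inbound service needs its own rule.
    for p in $wan_ports; do
        printf '%s\n' "-A INPUT -i $wan -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o $wan -j SNAT --to-source $wan_ip
COMMIT
EOF
}

# Succeeds when IPv4 forwarding is on; the path argument exists for testing.
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}
```

Review the output of `router_rules`, then load it as root with `router_rules | iptables-restore`. If `forwarding_on` fails, enable forwarding with `sysctl -w net.ipv4.ip_forward=1`.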
11-27-2005, 02:08 PM
|
#5
|
Member
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 676
Original Poster
Rep:
|
OK, thanks for the help. I've read a couple of tutorials, but there are things that can only be deduced through discussions with experienced users like you...
Thanks again
|
|
|
All times are GMT -5. The time now is 11:31 AM.