LinuxQuestions.org
Old 06-20-2005, 05:23 PM   #16
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379

Quote:
Originally posted by peter_robb
with -p definitions, use lowercase letters, i.e. -p tcp

it actually doesn't matter...

Quote:
Originally posted by wesleywestervel
I have to build a transparent FIREWALL for a school project.

bad news, if you've been asked to build a transparent firewall in the true technical sense of the word (an ethernet bridge that transparently filters-out unwanted and/or potentially malicious packets) then what has been posted here on this thread is NOT what you need to do...

personally, i don't have any experience setting-up an actual transparent firewall so i'd have to do a lot of reading before i could even make a suggestion... but AFAIK you should probably be looking at something like ebtables:

http://ebtables.sourceforge.net/


Last edited by win32sux; 06-20-2005 at 10:42 PM.
 
Old 06-21-2005, 02:45 AM   #17
wesleywestervel
LQ Newbie
 
Registered: Aug 2004
Posts: 13

Original Poster
Rep: Reputation: 0
thnx a million, it's working! the gateway on the webserver wasn't set right.

and i found out that with a simple forward command I can forward specific ports to another ip-address

THNX so much
 
Old 06-21-2005, 05:11 AM   #18
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
you're welcome... but remember that what you've made is NOT a transparent firewall... since you said this is for school i'd imagine the teacher would not accept a NAT firewall (what you've just made) if he explicitly asked you for a transparent firewall, as they are completely different things...
 
Old 06-21-2005, 09:32 AM   #19
wesleywestervel
LQ Newbie
 
Registered: Aug 2004
Posts: 13

Original Poster
Rep: Reputation: 0
No, i'm planning to build a transparent firewall.
Btw, could you give me some tips about a transparent firewall?

From what i've read, users don't know that they are going through a firewall.
 
Old 06-21-2005, 11:28 AM   #20
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
Quote:
Originally posted by wesleywestervel
No, i'm planning to build a transparent firewall.
Btw, could you give me some tips about a transparent firewall?

From what i've read, users don't know that they are going through a firewall.

yeah, they don't have to make any changes at all... it's like a "smart patch cord" in a way... just plug it in and you're done...

here's some links:

http://www.topology.org/linux/bridge.html

http://ebtables.sourceforge.net/

http://bridge.sourceforge.net/
 
Old 06-22-2005, 01:47 AM   #21
dp31.singh
LQ Newbie
 
Registered: Jun 2005
Posts: 2

Rep: Reputation: 0
HI All

i am having a problem mounting an NFS server through iptables

i was trying to mount a nfs-server through my firewall

nfs-server<----------iptables<-------my.sun.machine
172.16.10.0 / 192.168.1.0

rpc is on, nfs is running (inside the 172.16.10.0 net i can connect)
ports 2049 and 111 are open but i still can't connect (there is no connection on the nfs-server). when i opened ports from 1024 to 65535 it was working, but i want to open the exact ports only.
please, help me!

is there a howto on nfs through iptables?
 
Old 06-22-2005, 04:55 AM   #22
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
Quote:
Originally posted by dp31.singh
when i opened ports from 1024 to 65535 it was working, but i want to open the exact ports only.

if that's the case then it's very likely that you just need to add a FORWARD rule for ESTABLISHED and RELATED packets, like this:
Code:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
however, your issue has nothing to do with this thread so please open a new one in the Networking forum if you have any more questions... good luck...
 
Old 06-22-2005, 08:20 AM   #23
dp31.singh
LQ Newbie
 
Registered: Jun 2005
Posts: 2

Rep: Reputation: 0
i also added this rule but there was still a problem.

what exact ports for NFS need to be opened in our FW? i already opened 111 and 2049 but it was not working, but when i open all ports it works. give me a solution ASAP.

please help me with this issue.
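
Added example, not part of any post in this thread: the "exact ports" asked about in posts #21 and #23 are not only 111 and 2049, because mountd, nlockmgr and status get their ports from the portmapper. The script reads `rpcinfo -p` output and prints (does not run) one FORWARD rule per port in use. The sample output, the /24 mask and the server address 172.16.10.5 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p <nfs-server>` output (not from the thread).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100021    4   tcp  32770  nlockmgr
    100005    1   udp    905  mountd
    100005    3   tcp    908  mountd
EOF
}

# Read `rpcinfo -p` output on stdin and print one FORWARD rule per distinct
# proto/port used by the RPC services an NFS mount depends on.
# $1 = client network, $2 = NFS server address (assumed values, see above).
nfs_forward_rules() {
    awk -v src="$1" -v dst="$2" '
        NR == 1 { next }                        # skip the header row
        $5 ~ /^(portmapper|nfs|mountd|nlockmgr|status)$/ &&
        $3 ~ /^(tcp|udp)$/ && $4 ~ /^[0-9]+$/ {
            key = $3 "/" $4
            if (seen[key]++) next               # several versions share a port
            printf "iptables -A FORWARD -s %s -d %s -p %s --dport %s -m state --state NEW -j ACCEPT  # %s\n", src, dst, $3, $4, $5
        }'
}

# Name the services that are not on the fixed ports 111/2049; these are the
# ones a rule set limited to 111 and 2049 leaves blocked.
dynamic_services() {
    awk 'NR > 1 && $4 != 111 && $4 != 2049 { print $5 }' | sort -u | xargs
}

# Live use would be: rpcinfo -p <nfs-server> | nfs_forward_rules <net> <server>
sample_rpcinfo | nfs_forward_rules 192.168.1.0/24 172.16.10.5
```

The printed rules pair with the ESTABLISHED,RELATED rule from post #22. The portmapper-assigned ports can change when the services restart, so the rules have to be regenerated unless those ports are fixed on the server.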
 
Old 06-22-2005, 09:08 AM   #24
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 379
dp31.singh, for the second time: your issue has nothing to do with this thread so please open a new thread in the Networking forum...

 
  


All times are GMT -5. The time now is 03:22 AM.
