LinuxQuestions.org


metallica1973 09-18-2006 04:04 PM

DMZ and Playstation2
 
I have a playstation2 and I have an extra NIC that I want to use to create a DMZ for my playstation. Can somebody give me an example of a sample iptables rule set, and can I allow all the UDP and TCP ports open, or better said, should I allow all the ports wide open, and how big of a security threat is it?

Brian1 09-18-2006 04:28 PM

I would go here and check out the scripts for multi-homed firewalls.
http://www.linuxguruz.com/iptables/

Brian1

metallica1973 09-18-2006 04:50 PM

These are the rules that I have added to my firewall. I remarked out the access to LAN area of the DMZ rule set. I did not see a purpose for that rule (my LAN does not need access to my PS2 or the DMZ). I connected my laptop and configured it with the 192.168.5.10 to simulate the PS2, and I can ping a domain by name successfully and the IP address of the domain successfully, but when I try to access the internet it just hangs. I am wondering if traffic is not being allowed back into my network!

PS2_IFACE=eth1
PS2_IP=192.168.5.1/28
PS2=192.168.5.10

PHP Code:

$IPTABLES -A INPUT -p ALL -i $PS2_IFACE -d $PS2_IP -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p TCP -i $EXT_IFACE -d $PS2_IP --dport 1:65353 \
-j DNAT --to-destination $PS2
$IPTABLES -A FORWARD -i $PS2_IFACE -o $EXT_IFACE -j ACCEPT
$IPTABLES -A FORWARD -i $EXT_IFACE -o $PS2_IFACE -m state \
--state ESTABLISHED,RELATED -j ACCEPT
#$IPTABLES -A FORWARD -i $LAN_IFACE -o $DMZ_IFACE -j ACCEPT
#$IPTABLES -A FORWARD -i $DMZ_IFACE -o $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p TCP -i $EXT_IFACE -o $PS2_IFACE -d $PS2 \
--dport 1:65353 -j allowed
$IPTABLES -A FORWARD -p UDP -i $EXT_IFACE -o $PS2_IFACE -d $PS2 \
--dport 1:65353 -j allowed
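
An added example, not part of any post in this thread: a sketch of a per-port DMZ rule set as an alternative to forwarding the whole 1:65353 range, with the DMZ host blocked from the LAN. The PS2 interface and addresses are the values posted above; EXT_IFACE, LAN_IFACE, the MASQUERADE rule, the function name dmz_rules and the sample ports are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for a one-host
# DMZ so they can be reviewed before anything is loaded; it applies nothing.
PS2_IFACE=eth1          # DMZ-facing NIC (value from the thread)
PS2=192.168.5.10        # DMZ host (value from the thread)
PS2_NET=192.168.5.0/28  # subnet that contains the thread's 192.168.5.1/28
EXT_IFACE=eth0          # assumption: Internet-facing NIC
LAN_IFACE=eth2          # assumption: internal LAN NIC

# dmz_rules "proto:port proto:port ..." writes the rule set to stdout.
dmz_rules() {
    # Anything not explicitly accepted below is not forwarded.
    echo "iptables -P FORWARD DROP"
    # The DMZ host never gets to open connections into the LAN.
    echo "iptables -A FORWARD -i $PS2_IFACE -o $LAN_IFACE -j DROP"
    # Replies to connections that were already permitted.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The DMZ host may start connections to the Internet.
    echo "iptables -A FORWARD -i $PS2_IFACE -o $EXT_IFACE -s $PS2 -j ACCEPT"
    # Source NAT so replies come back to the firewall's external address.
    echo "iptables -t nat -A POSTROUTING -s $PS2_NET -o $EXT_IFACE -j MASQUERADE"
    for pp in $1; do
        proto=${pp%%:*}
        port=${pp##*:}
        # Inbound: one DNAT rule plus one matching FORWARD rule per listed port.
        echo "iptables -t nat -A PREROUTING -i $EXT_IFACE -p $proto --dport $port -j DNAT --to-destination $PS2"
        echo "iptables -A FORWARD -i $EXT_IFACE -o $PS2_IFACE -d $PS2 -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
}

# Constructed sample ports, not taken from the thread or from any game.
dmz_rules "${1:-udp:40000 tcp:40001}"
```

The output is plain text; IP forwarding must already be enabled on the firewall for any of these rules to carry traffic.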


