LinuxQuestions.org
10-01-2003, 11:21 AM   #1
Bambi
Newbie
 
Registered: Aug 2003
Location: Toronto, Canada
Distribution: RedHat
Posts: 13

Rep: Reputation: 0
iptables forward?


I have a firewall connected to the internet -- two ethernet cards. Behind that I have a switch, my server and other computers.
I've read the iptables material and it is my impression that:

I will NOT be dealing at all with INPUT or OUTPUT, but with FORWARD exclusively and/or the -state stuff. This firewall is not just the software but an actual separate computer.

I don't know why but I've never read any examples of INPUT OUTPUT set to deny, that is why I'm worried.
 
10-01-2003, 06:59 PM   #2
/bin/bash
Senior Member
 
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 47
It sounds to me like you need to look at the rc.firewall.txt or rc.DMZ.firewall.txt.

Yes, you will need to filter the INPUT; you want to protect the firewall itself. Usually the reason you would filter OUTPUT would be to block access to services or websites.

Last edited by /bin/bash; 10-01-2003 at 07:02 PM.
 
10-02-2003, 11:15 AM   #3
Bambi
Newbie
 
Registered: Aug 2003
Location: Toronto, Canada
Distribution: RedHat
Posts: 13

Original Poster
Rep: Reputation: 0
Yes I have read that, but it may be my misinterpretation.
My setup has a server (mail, httpd, smb, etc.) behind the firewall. Just to be clear: the firewall machine will NOT be doing anything but forwarding to the server or forwarding to the internet. So my understanding is:
iptables -P INPUT DROP
iptables -P OUTPUT DROP


iptables -t nat -A ...etc.

Am I misunderstanding this?
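
Added example (not part of the thread and not any poster's own rules): a generator for an `iptables-restore` ruleset matching the dedicated two-NIC firewall described above. It shows that DROP policies on INPUT and OUTPUT still need a few rules for the firewall box itself, while FORWARD and the nat table carry the routed traffic. The interface names, addresses, published ports (25 and 80) and the LAN-only SSH admin rule are assumptions.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for a dedicated forwarding firewall.
# All names and addresses below are assumptions, not values from the thread.
WAN_IF="${WAN_IF:-eth0}"               # assumed Internet-facing NIC
LAN_IF="${LAN_IF:-eth1}"               # assumed NIC facing the switch
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed LAN range
SERVER="${SERVER:-192.168.1.10}"       # assumed address of the mail/httpd server

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Publish mail and web on the server; smb is not published to the Internet.
-A PREROUTING -i $WAN_IF -p tcp -m multiport --dports 25,80 -j DNAT --to-destination $SERVER
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# INPUT/OUTPUT see only traffic addressed to, or created by, the firewall box.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# FORWARD sees everything routed between the two NICs.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $WAN_IF -o $LAN_IF -d $SERVER -p tcp -m multiport --dports 25,80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the default policy of a filter-table chain, e.g. "policy_of INPUT".
policy_of() {
    gen_rules | awk -v c=":$1" '/^\*/ {t = $0} t == "*filter" && $1 == c {print $2}'
}

case "${1:-}" in
    --check) gen_rules | iptables-restore --test ;;  # parse only, nothing is committed
    *)       gen_rules ;;                            # print the ruleset for review
esac
```

With these rules the firewall host can answer SSH from the LAN but cannot open any connection of its own, so DNS lookups or package updates from the box would need an explicit OUTPUT rule.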
 
  


All times are GMT -5.
