LinuxQuestions.org
Old 11-18-2010, 10:06 PM   #1
satish
Member
 
Registered: Jan 2006
Posts: 172

Rep: Reputation: 15
Spam Problem


We have spam in our network, and we installed antivirus on all our systems and cleaned the virus from all PCs. After that I removed my IP from the database of blocked IPs, but my IP is still blocked for sending spam. I don't know from which PC the spam is going out to the internet.

So I have a question: my proxy server is Red Hat Linux, and as a newbie I don't know the commands to find out which PC is creating large bandwidth to the internet.

If you tell me the command to see which PC is sending spam, then I will discard that PC.

Also, I want a strong firewall to stop spam activities.

Regards

Satish
 
Old 11-18-2010, 10:20 PM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by satish
I don't know the commands to find out which PC is creating large bandwidth to the internet.
You could use IPTraf.

Quote:
Also, I want a strong firewall to stop spam activities.
FWIW, you already have iptables. That said, if your proxy server is the only way out from the LAN, then you'd probably want to address the problem there instead, and use the firewall as a second layer.

Last edited by win32sux; 11-18-2010 at 10:21 PM.
 
Old 11-18-2010, 10:38 PM   #3
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4885
Quote:
Originally Posted by satish
We have spam in our network, and we installed antivirus on all our systems and cleaned the virus from all PCs.
If your systems are infected and you install antivirus after this, you can in no way be sure that your systems are clean. The only sure way to know is to reinstall your systems.
 
Old 11-23-2010, 02:55 AM   #4
satish
Member
 
Registered: Jan 2006
Posts: 172

Original Poster
Rep: Reputation: 15
Spam Problem

I had formatted all the systems for the spam issue. Now I want only an iptables firewall with only the FTP, SMTP, POP3 and web (80) ports opened and all other ports closed.

Regards

Satish
 
Old 11-23-2010, 03:51 AM   #5
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
Are you saying that you need help with setting up iptables? Are you still having a problem that requires assistance?
 
Old 11-23-2010, 09:31 PM   #6
satish
Member
 
Registered: Jan 2006
Posts: 172

Original Poster
Rep: Reputation: 15
Spam Problem

Yes sir, I need assistance setting up iptables for my internal network. I want to open only the FTP, SMTP, POP3 and web (80) ports, with all other ports closed. It means I need a strong firewall for my network. As I am not familiar with iptables, I want assistance from you.

Can you send me the iptables rules?

Thanks for helping me and answering the post. Waiting for the reply.

Regards

Satish
 
Old 11-24-2010, 04:14 AM   #7
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
There are two parts to what you need to do:
1 - create the IP tables filters and 2 - configure your system to restore them upon restart.

I would also REALLY suggest this blog. It is a very well written introduction to IP tables and it is where I finally began to understand how to use it. Having said that, I am also of the opinion that it is best to learn how to write the IP tables commands, but there are also simple front end tools for it, so you may want to look at what your distribution offers.

As far as writing the rules, you will simply add a set of filters to your input chain. The IPtables rules will work like a waterfall, and if a given connection matches a rule, the process will terminate. If it does not match, it will go on to the next rule and try that one. You will want to set up a default policy or an ending rule that drops all traffic. Above this rule, you will whitelist the connections that you want to add. At the top of your filter, you will want to whitelist established connections and things like your loopback interface.

Here is an example to help get you started. You would add this to IPtables: iptables -A INPUT -i lo -j ACCEPT (you will likely need to run as root or use SUDO on the command). This command adds (-A), to the INPUT chain, the lo interface (-i lo) the accept action (-j ACCEPT). You will want similar commands for your established connections and then the services you want to use. Here is a small set of what you will want:

Code:
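# Loopback traffic
-A INPUT -i lo -j ACCEPT
# Replies to connections that are already established
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# SSH (TCP port 22) arriving on eth1; the INPUT chain matches the incoming interface with -i
-A INPUT -p tcp -m tcp -i eth1 --dport 22 -j ACCEPT
# Everything else is dropped
-A INPUT -j DROP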
The above example adds the loopback, established connections and TCP on port 22 for SSH and then finally drops everything else.

Now as far as saving and restoring, the best way to do this is to first create your filters as above. Then use the command iptables-save to save the IP tables commands to a file. You can then add a section to your network interface configuration to iptables-restore these commands upon startup. This thread has a link to doing so, but here is the short version:
Code:
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.using
post-down iptables-save > /etc/iptables.using
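
An added example, not part of the original posts: it extends the rule set from post #7 to the four services requested in post #6 and checks the top-to-bottom ordering that post describes. The function names are assumptions for illustration, and the port numbers (21, 25, 110, 80) are the standard ones for FTP control, SMTP, POP3 and HTTP.

```shell
#!/bin/sh
# Added example: function names are illustrative, not from the thread.

# build_ruleset PORT...
# Print an INPUT rule set in iptables-save syntax: loopback and established
# traffic first, one ACCEPT per TCP port, catch-all DROP last.
build_ruleset() {
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    # FORWARD and OUTPUT stay at ACCEPT: the thread only covers INPUT.
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp -m tcp --dport $port -j ACCEPT"
    done
    echo '-A INPUT -j DROP'
    echo 'COMMIT'
}

# rules_after_drop FILE
# Print every INPUT rule that sits below the catch-all DROP. Rules are tried
# top to bottom and the first match wins, so these rules never take effect.
rules_after_drop() {
    awk '
        seen && /^-A INPUT / { print }
        $0 == "-A INPUT -j DROP" { seen = 1 }
    ' "$1"
}

# The services requested in post #6: FTP control (21), SMTP (25),
# POP3 (110) and HTTP (80). Redirect to a file such as the thread's
# /etc/iptables.using, then load it as root with iptables-restore.
build_ruleset 21 25 110 80
```

Running `iptables -A INPUT ...` against the loaded rule set appends below the final DROP, which is the case `rules_after_drop` reports; insert with `iptables -I INPUT` at a position above the DROP instead. Port 22 is not in the requested list, so add it if the server is administered over SSH.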
 
  

