LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   Transparent Firewall (https://www.linuxquestions.org/questions/slackware-14/transparent-firewall-72942/)

veil 07-15-2003 11:46 AM

Transparent Firewall
 
Hello!

I'm trying to setup a transparent firewall. I want my server to keep its original live IP address and to be behind the firewall (no masquerading). How can I accomplish this one?

Thanx.

Mathieu 07-15-2003 11:57 AM

Use iptables.

Take a look at the MAN page of iptables for more informations.

green_dragon37 07-15-2003 12:00 PM

I couldn't tell you how to do it with linux, but it was fairly easy for me with OpenBSD. The link below provides instructions on setting up an completely invisibe firewall with OpenBSD.

http://www.openlysecure.org/openbsd/..._firewall.html

Ian

Moltag 07-15-2003 03:34 PM

One of the things you'll want to do for a firewall is to stealth certain ports, correct?

Stealthing ports using IPTABLES is fairly simple. Just use:

iptables -i {external_interface} -p {protocol} --dport {port_number} -j DROP

{external_interface} should be set to whatever interface your server uses to connect to the internet (eg. ppp0). {protocol} can be set to tcp, upd or icmp, depending on what protocol you want to work with. {port_number} can be set to the port number you wish to stealth. For example, if you want to block internet access to an FTP server, you would put 21 as the port number.

So, as an example, I have my linux server set up to deny FTP connections from internet clients. My DSL connection is ppp0, so my iptables ruleset looks like:

iptables -i ppp0 -p tcp --dport 21 -j DROP

You can also chose to stealth EVERYTHING against a certain protocol. For instance, I don't want internet users to be able to ping my machine, so I just use:

iptables -i ppp0 -p icmp -j DROP

Good luck.


All times are GMT -5. The time now is 03:12 AM.