Re: iptables

From: Prakash Purushotham (ppuru@yahoo.com)
Date: 09/20/01


Message-ID: <20010920022356.85692.qmail@web11502.mail.yahoo.com>
Date: Wed, 19 Sep 2001 19:23:56 -0700 (PDT)
From: Prakash Purushotham <ppuru@yahoo.com>
Subject: Re: iptables
To: Thomas Kirk <thomas@arkena.com>, focus-linux@securityfocus.com

Tom

I know at least one person who doesn't like being called Thomas.
Coming to the point...

You need to install the openssh rpms. Once that goes through
fine, edit /etc/ssh/sshd_config and set

PermitRootLogin no
IgnoreUserKnownHosts yes

restart sshd.

I would prefer you look into FreeSWan if you want to connect to
your firewall from the outside (through the big bad internet).

Modify your firewall rules

# *** from local net

iptables -t filter -A INPUT -p tcp -i ! eth0 -s 192.168.0.0/16 --sport 1024: --dport ssh -j ACCEPT -m state --state ESTABLISHED,NEW
iptables -t filter -A OUTPUT -p tcp -o ! eth0 -d 192.168.0.0/16 --dport 1024: --sport ssh -j ACCEPT -m state --state ESTABLISHED

# *** from the big bad world

iptables -t filter -A INPUT -p tcp -i eth0 -s <fixed ip> --sport 1024: --dport ssh -j ACCEPT -m state --state ESTABLISHED,NEW
iptables -t filter -A OUTPUT -p tcp -o eth0 -d <fixed ip> --dport 1024: --sport ssh -j ACCEPT -m state --state ESTABLISHED

my .02c

Prakash

--- Thomas Kirk <thomas@arkena.com> wrote:
> Hey there listmembers
>
> my question is. Sometimes i need to connect from the inside and
> the outside into my fw via ssh (Not root!). How is this done? Right
> now i can't connect to the server from any of the sides?
>
> iptablerules :

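The rule set Prakash sketches above, written out as an added example (this is not code from the thread or from either poster). It generates the four SSH ACCEPT rules in current iptables syntax (`! -i` and `-m conntrack --ctstate` are the present-day forms of the 2001 `-i !` and `-m state --state`), validates the addresses before building anything, and reads back the `PermitRootLogin` setting his sshd_config change is meant to produce. Assumed placeholders: eth0 is the external interface, 192.168.0.0/16 the LAN, and 203.0.113.10 (a constructed address from the documentation range) stands in for the one fixed outside IP. These rules only add ACCEPTs; whether anything else reaches sshd still depends on the chain policies and the rules ahead of them.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Builds the SSH allow rules
# discussed in the reply and checks the sshd_config directive it recommends.
# Placeholders (assumed): eth0 = external interface, 192.168.0.0/16 = LAN,
# 203.0.113.10 = the single fixed outside address (constructed).

# emit_ssh_rules EXT_IF LAN_CIDR ADMIN_IP
# Prints one iptables command per line; nothing is applied here.
emit_ssh_rules() {
    ext_if=$1
    lan=$2
    admin=$3
    # SSH from the LAN on any interface except the external one
    printf '%s\n' "iptables -t filter -A INPUT ! -i $ext_if -p tcp -s $lan --sport 1024: --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    printf '%s\n' "iptables -t filter -A OUTPUT ! -o $ext_if -p tcp -d $lan --sport 22 --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # SSH from exactly one fixed address on the external interface
    printf '%s\n' "iptables -t filter -A INPUT -i $ext_if -p tcp -s $admin --sport 1024: --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    printf '%s\n' "iptables -t filter -A OUTPUT -o $ext_if -p tcp -d $admin --sport 22 --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# valid_ipv4_cidr ARG -> status 0 if ARG is a.b.c.d or a.b.c.d/nn, else 1.
# An empty or mistyped address must not silently turn into a rule that
# matches far more than intended.
valid_ipv4_cidr() {
    case $1 in
        *[!0-9./]*|""|*/*/*) return 1 ;;
    esac
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 4 && NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }
        NF == 5 && ($5 == "" || $5 > 32) { exit 1 }'
}

# sshd_permit_root_login FILE -> prints the effective PermitRootLogin value.
# sshd honours the first occurrence of a directive; "unset" means none found.
sshd_permit_root_login() {
    v=$(awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$1")
    printf '%s\n' "${v:-unset}"
}

# Usage: sh ssh_rules.sh print         -> show the rules
#        sh ssh_rules.sh print | sh    -> apply them (as root)
if [ "${1:-}" = print ]; then
    for a in 192.168.0.0/16 203.0.113.10; do
        valid_ipv4_cidr "$a" || { echo "bad address: $a" >&2; exit 1; }
    done
    emit_ssh_rules eth0 192.168.0.0/16 203.0.113.10
    echo "PermitRootLogin: $(sshd_permit_root_login /etc/ssh/sshd_config)" >&2
fi
```

Generating the commands as text rather than running them directly lets you review the exact rules (and diff them against `iptables -S`) before they are loaded; the OUTPUT rules accept only ESTABLISHED, so the firewall never initiates an SSH connection itself.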
