Re: Iptable rules to protect my box from the internet
From: Andrew Schulman (andrex_at_deadspam.com)
Date: 12/28/04
- Next message: 19owls: "Re: Iptable rules to protect my box from the internet"
- Previous message: fritz-bayer_at_web.de: "Iptable rules to protect my box from the internet"
- In reply to: fritz-bayer_at_web.de: "Iptable rules to protect my box from the internet"
- Next in thread: 19owls: "Re: Iptable rules to protect my box from the internet"
- Reply: 19owls: "Re: Iptable rules to protect my box from the internet"
- Reply: fritz-bayer_at_web.de: "Re: Iptable rules to protect my box from the internet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Dec 2004 09:57:21 -0500
> I'm looking for a set of iptable rules, which will protect my linux box
> from incoming internet connections.
>
> My box's ip is 192.168.1.50 and my router is located at 192.168.1.100.
> Incoming and outgoing loopback connection and connections from the
> local lan are to be allowed.
>
> However, incoming tcp and udp connections not coming from either
> 127.0.0.1 or the local network 192.168.1.0 should be forbidden.
> Can somebody help me with this?
There's nothing you have to do. Your IP address, 192.168.1.50, isn't
routable over the internet; it's an internal IP reserved for LAN use.
What that means is that your router is performing network address
translation (NAT) between your internal and external IP addresses. It
has to be, or you wouldn't be receiving any internet traffic at all.
In order for NAT to work, it has to keep track of your outgoing
connections, so that it can properly route traffic back to you when
traffic comes in. But that means that any inbound traffic that doesn't
correspond to an existing connection can't reach you; if the router
doesn't recognize it as part of an existing connection, it doesn't know
where to send it, and simply drops it.
So, your router is already protecting you from all incoming connection
attempts. Only connections that you initiate will work.
Congratulations, you're done.
-- To reply by email, replace "deadspam.com" by "alumni.utexas.net"
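The reply above explains why the router's NAT already blocks unsolicited inbound traffic. For a reader who still wants the box to enforce the requested policy itself (defence in depth, and a log of what gets dropped), here is an added example of a small iptables ruleset matching the original request. It is mine, not code from either poster; it assumes the LAN is 192.168.1.0/24 (the post names .50 and .100 on that network) and that the `-m state` match is available.

```shell
#!/bin/sh
# Added example, not from the thread: a host firewall that does what the
# original poster asked for, independent of the router's NAT.
# Assumption: the LAN is 192.168.1.0/24 (the post names .50 and .100 on it).
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Emit the rules one per line so they can be reviewed before being applied.
# Order matters: loopback and LAN traffic are accepted, replies to connections
# this box initiated are accepted (the same connection tracking the router
# relies on), everything else is logged at a bounded rate and then falls
# through to the INPUT chain's DROP policy.
# If the box has more than one interface, add "-i <lan-if>" to the LAN rule
# so a packet with a forged 192.168.1.x source on another link is not trusted.
firewall_rules() {
cat <<EOF
-F INPUT
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s $LAN_NET -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix FW_DROP:
EOF
}

# Hand each rule to iptables (needs root). Set IPT=echo to print the
# commands instead of applying them, which is how to dry-run this script.
apply_firewall() {
    firewall_rules | while IFS= read -r rule; do
        # word-splitting $rule into separate iptables arguments is intended
        ${IPT:-iptables} $rule
    done
}
```

Dropped packets show up in the kernel log prefixed with `FW_DROP:`, which gives the box its own record of inbound attempts rather than relying on the router silently discarding them.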