Re: Iptable rules to protect my box from the internet
From: 19owls (19_at_owls.org)
Date: 12/28/04
- Next message: Digi: "Re: Iptable rules to protect my box from the internet"
- Previous message: Andrew Schulman: "Re: Iptable rules to protect my box from the internet"
- In reply to: Andrew Schulman: "Re: Iptable rules to protect my box from the internet"
- Next in thread: Andrew Schulman: "Re: Iptable rules to protect my box from the internet"
- Reply: Andrew Schulman: "Re: Iptable rules to protect my box from the internet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Dec 2004 00:09:51 +0800
Is it safe to suggest that connecting a router on top of the cable modem
is better/safer than just the modem?
---- 19 Owls ----
>> I'm looking for a set of iptable rules, which will protect my linux box
>> from incoming internet connections.
>>
>> My box's ip is 192.168.1.50 and my router is located at 192.168.1.100.
>> Incoming and outgoing loopback connections and connections from the
>> local lan are to be allowed.
>>
>> However, incoming tcp and udp connections not coming from either
>> 127.0.0.1 or the local network 192.168.1.0 should be forbidden.
>> Can somebody help me with this?
>
> There's nothing you have to do. Your IP address, 192.168.1.50, isn't
> routable over the internet; it's an internal IP reserved for LAN use.
> What that means is that your router is performing network address
> translation (NAT) between your internal and external IP addresses. It
> has to be, or you wouldn't be receiving any internet traffic at all.
>
> In order for NAT to work, it has to keep track of your outgoing
> connections, so that it can properly route traffic back to you when
> traffic comes in. But that means that any inbound traffic that doesn't
> correspond to an existing connection can't reach you; if the router
> doesn't recognize it as part of an existing connection, it doesn't know
> where to send it, and simply drops it.
>
> So, your router is already protecting you from all incoming connection
> attempts. Only connections that you initiate will work.
> Congratulations, you're done.
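The host-side ruleset the quoted question asked for, as an added example that is not part of the thread: it allows loopback and the 192.168.1.0/24 LAN (so the router at 192.168.1.100 stays reachable), keeps replies to connections the box initiated working, and drops all other inbound TCP and UDP, which makes it a second layer behind the NAT behaviour Andrew describes. The LOG rate limit and the conntrack match are assumptions; with the default IPT setting the script only prints the commands instead of applying them.

```shell
#!/bin/sh
# Added example, not from the thread. Host firewall for the box at 192.168.1.50:
# allow loopback and the 192.168.1.0/24 LAN, keep replies to outbound
# connections, drop every other inbound TCP/UDP packet.
# Dry run by default: IPT="echo iptables" only prints the commands.
# To apply for real, run as root with IPT=iptables.
IPT="${IPT:-echo iptables}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # local network from the question
LOG_RATE="${LOG_RATE:-5/min}"           # assumed rate limit for drop logging

apply_input_rules() {
    # Start from a clean INPUT chain; the policy stays ACCEPT until the end so a
    # session over the LAN is not cut off while the rules are being added.
    $IPT -F INPUT
    # Loopback in both directions (the OUTPUT chain is left at ACCEPT).
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections the box initiated, e.g. web traffic via the NAT router.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Anything from the local LAN, which includes the router at 192.168.1.100.
    $IPT -A INPUT -s "$LAN_NET" -j ACCEPT
    # Log a rate-limited sample of what is about to be dropped, for visibility.
    $IPT -A INPUT -p tcp --syn -m limit --limit "$LOG_RATE" -j LOG --log-prefix "INPUT-DROP-TCP: "
    $IPT -A INPUT -p udp -m limit --limit "$LOG_RATE" -j LOG --log-prefix "INPUT-DROP-UDP: "
    # Explicit drops for new TCP and UDP from anywhere else.
    $IPT -A INPUT -p tcp -j DROP
    $IPT -A INPUT -p udp -j DROP
    # Default-deny for whatever is left (other protocols from outside the LAN).
    $IPT -P INPUT DROP
}

# Number of INPUT rules the function emits; handy for checking a dry run.
input_rule_count() { apply_input_rules | grep -c -- '-A INPUT'; }
```

Run it once with the default IPT to review the printed commands, then again with IPT=iptables as root to load them.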