Re: newbie needs help with iptables basics (please)

From: chez (chez_at_noc.net)
Date: 07/22/05


Date: Fri, 22 Jul 2005 13:04:41 -0400

On Fri, 22 Jul 2005 11:58:02 -0500, Proteus <nospam@nowhere.net>
wrote:

>I could really use some help setting up a basic firewall using iptables. Yes
>I have RTFM (man iptables) and have read several docs off the net and pages
>from my Linux Bible and Network Security Bible, but for some reason my
>brain is somewhat mush putting it all together. If some kind souls here
>could help me walk through a basic set of iptables commands for a basic
>firewall I would be very grateful; I am willing to learn at each step,
>propose the commands, just could use some help telling me where I go wrong,
>etc.
>
>I have home LAN with a home office PC (192.168.1.100) hooked up to a LinkSys
>WiFi Etherfast Router hooked up to cable modem. I have a secondary PC
>(192.169.1.101) also cabled to the router, hence basically a two computer
>LAN, not including any wifi connections to the router. Mandriva (Mandrake)
>Linux LE2005 on an AMD cpu system. For the sake of the exercise, let us say
>my router's IP is 300.10.10.100 (not a real IP address of course, for
>anonymity's sake here).
>
>I want to allow basic internet activity: access web pages via HTTP and also
>HTTPS, access FTP downloads, SSH client connections to remote computers,
>run an SSHD daemon (port 22) sometimes off my main PC and also off my
>second PC, and open up specific ports for gaming (Unreal Tournament Game
>needs ports 27900-28902 TCP and 7777-7787 UDP) connections to both the
>internet and among LAN computers (for a LAN hosted game).
>
>If I try proposing what I think are the iptables commands here, will someone
>help tell me where I am going wrong, perhaps tell me what to fix/change? I
>really want to understand iptables for configuring a firewall at the
>command line level. Or help me by discussing the commands as I propose them
>here?
>
>Any help appreciated.

I had a similar question to you regarding IPTABLES and found a pretty
awesome video CBT for IPTABLES from www.linuxcbt.com Advanced folks
would yawn at this stuff, but you and me.....just like Pavlov's
dog...saliva everywhere!

Here is a blurb from disc 10:
Linux Defensive Security Implementation Techniques
Implement Multi-Router Traffic Grapher (MRTG) to establish network performance baseline
Configure Cisco PIX firewall for MRTG support via Simple Network Management Protocol (SNMP)
Configure MRTG to generate performance & bandwidth-related graphs for Cisco PIX firewall
Implement IP Tables Host-based firewall support
Configure IP Tables to restrict access to necessary services
Introduce, discuss & plan the implementation of Snort 2.0 Intrusion Detection System (IDS)
Discuss Snort intrusion detection concepts related to hubs & switches
Install Snort 2.0 Network-based Intrusion Detection System
Implement Snort 2.0 network sniffing functionality
Implement Snort 2.0 sniffing & packet-logging functionality
Demonstrate Snort's ability to monitor traffic between designated hosts
Demonstrate password theft using Snort & FTP connections
Demonstrate password theft using Snort & Apache HTTP basic authentication connections
Implement Snort 2.0 Network-based Intrusion Detection System
Implement SnortSnarf for web-based reporting of Snort 2.0 logs
Examine SnortSnarf reports via SSL-enabled web session
Demonstrate how to implement port mirroring on Cisco Catalyst switches
Implement Network Address Translation (NAT)
Discuss & Implement Port Address Translation (PAT)
Implement TCP Wrappers
Configure Xinetd to suppress access to the system from port-scanners
Discuss & Disable Portmap services

You're looking for the classic edition.
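As an added example that is not part of this thread (neither the original poster's proposal nor anything from the linuxcbt course), here is one way to turn the requirements in the quoted question into a host-based ruleset for the home-office PC: default-deny on INPUT, stateful acceptance of replies to the outbound HTTP/HTTPS/FTP/SSH-client traffic, and explicit holes for the local sshd (port 22) and the Unreal Tournament ranges (27900-28902 TCP, 7777-7787 UDP). The LAN subnet 192.168.1.0/24 and the interface name eth0 are assumptions, and it is assumed the Linksys router forwards port 22 and the game ports to this host for Internet players; the host firewall does not control that. The script emits the rules in iptables-restore format so they can be read before they are loaded.

```shell
#!/bin/sh
# Added example, not from the thread: host firewall for the home-office PC
# described in the question, in iptables-restore format.
# Assumptions: LAN is 192.168.1.0/24, the NIC is eth0, and the router
# already forwards 22/tcp and the game ports to this host.

LAN_NET="192.168.1.0/24"      # assumed LAN subnet
GAME_TCP="27900:28902"        # Unreal Tournament TCP range from the question
GAME_UDP="7777:7787"          # Unreal Tournament UDP range from the question

# gen_rules prints a complete iptables-restore file for the filter table.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback is always allowed
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened (HTTP, HTTPS, SSH client, FTP
# control); for FTP data transfers the ip_conntrack_ftp / nf_conntrack_ftp
# module must be loaded so the data connection is classified RELATED
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# packets conntrack cannot place in any flow are dropped before the accepts
-A INPUT -m state --state INVALID -j DROP
# ping from the LAN only
-A INPUT -s ${LAN_NET} -p icmp --icmp-type echo-request -j ACCEPT
# inbound SSH to the local sshd: LAN clients reach it directly, Internet
# clients only if the router forwards port 22 here
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Unreal Tournament, for LAN games and (via router forwarding) Internet games
-A INPUT -p tcp --dport ${GAME_TCP} -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport ${GAME_UDP} -j ACCEPT
# log, rate limited, whatever is about to hit the INPUT DROP policy
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# count_rules returns the number of -A rule lines in the generated set.
count_rules() {
    gen_rules | grep -c '^-A'
}

# "dry" (the default) prints the ruleset for review; "apply" loads it
# atomically with iptables-restore, replacing the current filter table.
case "${1:-dry}" in
    dry)   gen_rules ;;
    apply) gen_rules | iptables-restore ;;
esac
```

Run it with no argument to read the rules, then with `apply` (as root) to load them. Because the router does NAT, nothing in this ruleset affects whether Internet hosts can reach port 22 on the second PC; that is a port-forward on the Linksys plus the same kind of INPUT rule on that machine. Keep the `INVALID` drop and the `ESTABLISHED,RELATED` accept ahead of the service rules, and check `/var/log/messages` for the `iptables-drop:` prefix when something expected stops working.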
