Hello all, first of all I'd like to wish you all happy holidays and a merry belated Christmas.

Secondly, I'm trying to set up a CentOS 5.4 box to act as:

1. firewall                  # can you check my config below and tell me if I missed anything?
2. DHCP                      # already configured
3. transparent squid proxy   # already configured
4. http (virtual hosts)      # in the near future
5. squirrelmail              # in the near future

Relevant info:

Two NICs:
eth0 LAN: with dhcp service: 192.168.57.1 (255.255.255.0)          # my LAN users are connected to this interface
eth1 WAN: static: 172.16.2.14 gw/172.16.2.13 (255.255.255.248)     # my ISP is connected to this interface

I want my firewall to do the following:

1. get my box to be completely secure from outside access, in other words deny all access from the outside world to my box and/or my LAN
2. allow my LAN users to access the internet/box without any restrictions, through a transparent squid installation

I've searched a bit online. I must admit I never used iptables before (I thought of using firestarter as it's graphical, and I am no iptables guru, not even a novice user, though I've installed my box with no X, hence no graphical applications). I finally used bits and pieces and came up with the following:

Chain INPUT (policy DROP)
target          prot opt source               destination
ACCEPT          all  --  anywhere             anywhere            state RELATED,ESTABLISHED
In_RULE_0       all  --  anywhere             172.16.2.14
In_RULE_2       udp  --  192.168.57.1         anywhere            udp multiport dports bootpc,bootps state NEW

Chain FORWARD (policy DROP)
target          prot opt source               destination
ACCEPT          all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy DROP)
target          prot opt source               destination
ACCEPT          all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Cid1888X3970.0  udp  --  192.168.57.1         anywhere            udp multiport dports bootpc,bootps state NEW
Out_RULE_3      all  --  192.168.57.1         anywhere            state RELATED,ESTABLISHED
Cid1594X3970.0  all  --  192.168.57.1         anywhere            state NEW

Chain Cid1594X3970.0 (1 references)
target          prot opt source               destination
Out_RULE_4      all  --  anywhere             172.16.2.14
Out_RULE_4      all  --  anywhere             192.168.57.1

Chain Cid1888X3970.0 (1 references)
target          prot opt source               destination
Out_RULE_2      all  --  anywhere             172.16.2.14
Out_RULE_2      all  --  anywhere             192.168.57.1

Chain In_RULE_0 (1 references)
target          prot opt source               destination
LOG             all  --  anywhere             anywhere            LOG level info prefix `RULE 0 -- DENY '
DROP            all  --  anywhere             anywhere

Chain In_RULE_2 (1 references)
target          prot opt source               destination
LOG             all  --  anywhere             anywhere            LOG level info prefix `RULE 2 -- ACCEPT '
ACCEPT          all  --  anywhere             anywhere

Chain Out_RULE_2 (2 references)
target          prot opt source               destination
LOG             all  --  anywhere             anywhere            LOG level info prefix `RULE 2 -- ACCEPT '
ACCEPT          all  --  anywhere             anywhere

Chain Out_RULE_3 (1 references)
target          prot opt source               destination
LOG             all  --  anywhere             anywhere            LOG level info prefix `RULE 3 -- ACCEPT '
ACCEPT          all  --  anywhere             anywhere

Chain Out_RULE_4 (2 references)
target          prot opt source               destination
LOG             all  --  anywhere             anywhere            LOG level info prefix `RULE 4 -- ACCEPT '
ACCEPT          all  --  anywhere             anywhere

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
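Added example, not the poster's ruleset and not from the CentOS list: a complete iptables script for the two-NIC layout in the post (eth0 LAN 192.168.57.0/24 with the box at .1, eth1 WAN 172.16.2.14), showing the pieces the two stated goals need together: DROP policies on INPUT and FORWARD, stateful return traffic, forwarding only from LAN to WAN, SNAT to the WAN address, and the transparent-proxy REDIRECT. The squid port (3128) and an ACCEPT policy on OUTPUT are assumptions; the post gives neither.

```shell
#!/bin/sh
# Constructed example (not the poster's ruleset): a two-NIC gateway firewall
# for the layout described in the post. Assumed: eth0 = LAN 192.168.57.0/24
# (box is .1), eth1 = WAN 172.16.2.14/29, squid listening transparently on
# port 3128 (an assumption; the post does not give the port).
LAN_IF=eth0; LAN_NET=192.168.57.0/24
WAN_IF=eth1; WAN_IP=172.16.2.14
SQUID_PORT=${SQUID_PORT:-3128}

# Emit the iptables commands instead of running them, so the ruleset can be
# read or diffed before it touches a live box. Apply as root: firewall_rules | sh -e
firewall_rules() {
    cat <<EOF
sysctl -q -w net.ipv4.ip_forward=1
iptables -F; iptables -t nat -F; iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# loopback, and return traffic for connections the box or the LAN opened
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# packets arriving on the WAN side with a LAN source address are spoofed
iptables -A INPUT -i $WAN_IF -s $LAN_NET -j DROP
iptables -A FORWARD -i $WAN_IF -s $LAN_NET -j DROP
# DHCP DISCOVER comes from 0.0.0.0 to 255.255.255.255, so a -s LAN match would miss it
iptables -A INPUT -i $LAN_IF -p udp --sport 68 --dport 67 -j ACCEPT
# the LAN may open anything to the box itself (squid, DNS, ssh, later httpd)
iptables -A INPUT -i $LAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
# anything else reaching the box from the WAN is logged (rate limited) and dropped by policy
iptables -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "FW DROP WAN: "
# only the LAN may start forwarded connections, and only towards the WAN
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
# transparent proxy: LAN web requests are handed to squid before routing
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# everything the LAN sends out leaves with the WAN address
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j SNAT --to-source $WAN_IP
EOF
}

# Self-check without root: count ACCEPT rules that match packets coming in on the WAN.
# A correct ruleset has none; new connections from the outside are only ever logged or dropped.
wan_accepts_new() { firewall_rules | grep -- "-i $WAN_IF" | grep -c ACCEPT || true; }
```

Applying it on CentOS 5 is `firewall_rules | sh -e` followed by `service iptables save` so the rules survive a reboot.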