Hi all, I am hosting web services to the public. The web server has two interfaces: one pointing to my LAN (10.x.x.x) and the other connecting to the DMZ 192.168.10.x of the PIX. Inside the PIX I blocked every protocol except WWW and DNS.

From inside the LAN I set up the following rules to allow outgoing ssh, Oracle ports, www, ... from the private network. I want to add more rules via iptables to _protect_ my internal LAN from the public packets, i.e. to block any forwarded packets to my internal LAN.

Routing table of the web server:
------------------------------------------------
Destination     Gateway         Genmask         Iface
10.5.0.0        0.0.0.0         255.255.0.0     eth0
169.254.0.0     0.0.0.0         255.255.0.0     eth1
192.168.0.0     0.0.0.0         255.255.0.0     eth1
10.0.0.0        10.5.0.1        255.0.0.0       eth0
0.0.0.0         192.168.10.1    0.0.0.0         eth1

IPTABLES
----------------
Chain INPUT (policy ACCEPT)
target               prot opt source     destination
RH-Firewall-1-INPUT  all  --  anywhere   anywhere

Chain FORWARD (policy ACCEPT)
target               prot opt source     destination
RH-Firewall-1-INPUT  all  --  anywhere   anywhere

Chain OUTPUT (policy ACCEPT)
target               prot opt source     destination

Chain RH-Firewall-1-INPUT (2 references)
target  prot        opt source     destination
ACCEPT  all         --  anywhere   anywhere
ACCEPT  all         --  anywhere   anywhere
ACCEPT  icmp        --  anywhere   anywhere       icmp any
ACCEPT  ipv6-crypt  --  anywhere   anywhere
ACCEPT  ipv6-auth   --  anywhere   anywhere
ACCEPT  udp         --  anywhere   224.0.0.251    udp dpt:5353
ACCEPT  udp         --  anywhere   anywhere       udp dpt:ipp
ACCEPT  all         --  anywhere   anywhere       state RELATED,ESTABLISHED
ACCEPT  tcp         --  anywhere   anywhere       state NEW tcp dpt:http
ACCEPT  tcp         --  anywhere   anywhere       state NEW tcp dpt:https
ACCEPT  tcp         --  anywhere   anywhere       state NEW tcp dpt:ftp
ACCEPT  tcp         --  anywhere   anywhere       state NEW tcp dpt:ssh
ACCEPT  tcp         --  anywhere   anywhere       state NEW tcp dpt:smtp
ACCEPT  tcp         --  anywhere   anywhere       state NEW tcp dpt:1521
REJECT  all         --  anywhere   anywhere       reject-with icmp-host-prohibited

--
madunix

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
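An added example, not part of madunix's message: a script for the dual-homed web server that does what the post asks for, i.e. stops packets arriving on the DMZ side from ever being forwarded into the private LAN, and drops DMZ-side packets that forge a LAN source address. It takes eth0 as the LAN interface and eth1 as the DMZ interface from the routing table above and leaves the existing RH-Firewall-1-INPUT chain untouched; the DMZ-IN chain name, the run/DRY_RUN wrapper and the variable names are this example's own assumptions. With DRY_RUN=1 (or the "show" argument) it only prints the commands, so the rule set can be reviewed before it is applied as root.

```shell
#!/bin/sh
# Added example (not from the original post): protect the private LAN behind a
# dual-homed web server from packets that arrive on its DMZ interface.
set -eu

LAN_IF=${LAN_IF:-eth0}            # 10.5.0.0/16 side (private LAN), from the routing table
DMZ_IF=${DMZ_IF:-eth1}            # 192.168.10.x side (PIX DMZ), from the routing table
LAN_NET=${LAN_NET:-10.0.0.0/8}    # address space that must never be reachable from the DMZ

# Wrapper: with DRY_RUN=1 the commands are printed instead of executed, so the
# rule set can be reviewed (or tested) on a machine without root.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

lan_guard() {
    # 1. A web server is not a router: do not forward at all unless a rule
    #    below explicitly allows it.
    run sysctl -w net.ipv4.ip_forward=0
    run iptables -P FORWARD DROP
    run iptables -F FORWARD

    # 2. Anti-spoofing: a packet entering on the DMZ interface with a private
    #    LAN source address is forged and is dropped before any ACCEPT rule.
    run iptables -A FORWARD -i "$DMZ_IF" -s "$LAN_NET" -j DROP

    # 3. No new connection from the DMZ side is ever forwarded into the LAN.
    run iptables -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -m state --state NEW -j DROP

    # 4. Replies for connections the LAN itself opened may still come back.
    run iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

    # 5. Traffic addressed to the server on its DMZ interface goes through a
    #    dedicated chain (assumed name DMZ-IN) that allows only the published
    #    services; it is inserted ahead of the existing RH-Firewall-1-INPUT jump.
    run iptables -N DMZ-IN 2>/dev/null || run iptables -F DMZ-IN
    run iptables -A DMZ-IN -s "$LAN_NET" -j DROP
    run iptables -A DMZ-IN -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A DMZ-IN -p tcp --dport 80 -m state --state NEW -j ACCEPT
    run iptables -A DMZ-IN -p tcp --dport 443 -m state --state NEW -j ACCEPT
    run iptables -A DMZ-IN -j REJECT --reject-with icmp-host-prohibited
    run iptables -I INPUT 1 -i "$DMZ_IF" -j DMZ-IN
}

# Usage: "lan_guard.sh show" prints the rules, "lan_guard.sh apply" installs them.
case "${1:-}" in
    show)  DRY_RUN=1; lan_guard ;;
    apply) lan_guard ;;
esac
```

Check the result with "iptables -L FORWARD -v -n" and "iptables -L DMZ-IN -v -n": the counters on the two DROP rules show whether anything from the DMZ is actually trying to reach the LAN, which is the first thing to look at after enabling this.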