Networking Firewall with Masquerading and Forwarding support. Overview
Contrary to the example configurations in Chapter 7, configuring a Linux Server to masquerade and forward traffic generally from the inside private network that has unregistered IP addresses (i.e. 192.168.1.0/24) to the outside network (i.e. the Internet) requires a special setup of your kernel and of your firewall configuration script files. (Read more…)
Configuration of the “/etc/rc.d/init.d/firewall” script file for the Mail Server
This is the configuration script file for our Mail Server. This configuration allows unlimited traffic on the Loopback interface, ICMP, DNS Server and Client (53), SSH Server (22), SMTP Server and Client (25), IMAP server (143), and OUTGOING TRACEROUTE requests by default.
If you don’t want some services listed in the firewall rules files for the Mail Server that I make ON by default, comment them out with a “#” at the beginning of the line. If you want some other services that I commented out with a “#”, then remove the “#” at the beginning of their lines. (Read more…)
The firewall script files
The tool ipchains allows you to set up firewalls, IP masquerading, etc. Ipchains talks to the kernel and tells it what packets to filter. Therefore all your firewall setups are stored in the kernel, and thus will be lost on reboot. To avoid this, we recommend using the System V init scripts to make your rules permanent. To do this, create a firewall script file like the one shown below in your “/etc/rc.d/init.d/” directory for each server you have. (Read more…)
Some explanation of rules used in the firewall script files
The following is an explanation of a few of the rules that will be used in the Firewalling examples below. This is shown just as a reference; the firewall scripts are well commented and very easy to modify. (Read more…)
Build a kernel with IPCHAINS Firewall support
The first thing you need to do is ensure that your kernel has been built with Network Firewall support and Firewalling enabled. Remember, all servers should be configured to block unused ports, even if they are not a firewall server. In the 2.2.14 kernel version you need to be sure that you have answered Y to the following questions: (Read more…)