I am looking for a way to secure my IPMASQ gateway machine. My situation is
the following: I have a network of three machines - two workstations running
Linux and Windows 95/98, and a gateway running Linux (all Linuxes are Red
Hat 6.1). The gateway has an ethernet card connected to the internal network
and a second ethernet that will be connected to a cable modem. It is set up
for IPMASQ already - my internal addresses are 10.1.1.X.

If the gateway was only doing routing, it would be easy to secure. However,
the gateway also provides services (http, samba printing, sendmail) to the
internal machines. What I am looking for is a way to block *all* incoming
connections on the external interface that do not correspond to an IPMASQed
connection. I have absolutely no services that I want to provide to the
outside world - all connections should be from the inside out, none from the
outside in.

I have been trying to understand the ipchains rules, but I can't determine
whether the forwarding/masqing rules will override the input/output rules.
If so, it would be easy to just REJECT or DENY all incoming connections on
the external interface. Is this possible, or is there more that must be
done?

Once again, I want *all* attempts to connect from the outside to be blocked.

Thanks,
--
Manuel A. McLure - Unify Corp. Technical Support <[EMAIL PROTECTED]>
Vah! Denuone Latine loquebar? Me ineptum. Interdum modo elabitur.