Deny ports based on which device the packet comes from. 

On Tue, Jan 18, 2000 at 09:13:02AM -0800, Manuel A. McLure wrote:
> I am looking for a way to secure my IPMASQ gateway machine. My situation is
> the following: I have a network of three machines - two workstations running
> Linux and Windows 95/98, and a gateway running Linux (all Linuxes are Red
> Hat 6.1). The gateway has an ethernet card connected to the internal network
> and a second ethernet that will be connected to a cable modem. It is set up
> for IPMASQ already - my internal addresses are 10.1.1.X.
> 
> If the gateway was only doing routing, it would be easy to secure. However,
> the gateway also provides services (http, samba printing, sendmail) to the
> internal machines. What I am looking for is a way to block *all* incoming
> connections on the external interface that do not correspond to an IPMASQed
> connection. I have absolutely no services that I want to provide to the
> outside world - all connections should be from the inside out, none from the
> outside in.
> 
> I have been trying to understand the ipchains rules, but I can't determine
> whether the forwarding/masqing rules will override the input/output rules.
> If so, it would be easy to just REJECT or DENY all incoming connections on
> the external interface. Is this possible, or is there more that must be
> done?
> 
> Once again, I want *all* attempts to connect from the outside to be blocked.
> 
> Thanks,
> --
> Manuel A. McLure - Unify Corp. Technical Support <[EMAIL PROTECTED]>
> Vah! Denuone Latine loquebar? Me ineptum. Interdum modo elabitur.
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]

-- 
______________________________________________________________________________
Steve Shah ([EMAIL PROTECTED]) | Alteon Web Systems Inc. (Developer/Sysadmin)
    http://www.alteon.com     |   Voice: 408.360.5500  Fax: 408.360.5500
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             Beating code into submission, one OS at a time...
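
Added example, not part of the reply above or of any project's own scripts: one way to express "deny by incoming device" with ipchains on a 2.2 masquerading gateway. The function only prints the rules so they can be reviewed first. The interface names (eth0 internal, eth1 cable modem), the resolver address 192.0.2.53 and the masquerade port range 61000:65095 (the 2.2 kernel default) are assumptions.

```shell
#!/bin/sh
# Prints an ipchains rule set; after review, pipe the output to sh as root:
#   masq_gateway_rules eth1 eth0 10.1.1.0/24 192.0.2.53 | sh
# Arguments: external device, internal device, LAN network, ISP resolver.
masq_gateway_rules() {
    ext_if=$1; int_if=$2; int_net=$3; dns=$4
    cat <<EOF
ipchains -F input
ipchains -F forward
ipchains -P input DENY
ipchains -P forward DENY
# Loopback and the LAN may reach the gateway's own services (http, samba, mail).
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $int_if -s $int_net -j ACCEPT
# LAN source addresses arriving on the external device are spoofed: drop, log.
ipchains -A input -i $ext_if -s $int_net -l -j DENY
# -y matches TCP connection attempts (SYN set, ACK clear): none from outside.
ipchains -A input -i $ext_if -p tcp -y -l -j DENY
# Other TCP to high ports: replies to connections opened from the inside.
# ipchains is stateless, so this is a port check, not connection tracking.
ipchains -A input -i $ext_if -p tcp -d 0/0 1024:65535 -j ACCEPT
# UDP replies to masqueraded flows land on the masquerade port range.
ipchains -A input -i $ext_if -p udp -d 0/0 61000:65095 -j ACCEPT
# DNS answers for lookups made by the gateway itself (sendmail needs them).
ipchains -A input -i $ext_if -p udp -s $dns 53 -d 0/0 1024:65535 -j ACCEPT
# ICMP needed by outbound traffic; everything else hits the DENY policy.
ipchains -A input -i $ext_if -p icmp --icmp-type echo-reply -j ACCEPT
ipchains -A input -i $ext_if -p icmp --icmp-type destination-unreachable -j ACCEPT
ipchains -A input -i $ext_if -p icmp --icmp-type time-exceeded -j ACCEPT
# In the forward chain -i is the outgoing device: masquerade LAN traffic only.
ipchains -A forward -i $ext_if -s $int_net -j MASQ
EOF
}
```

The input chain is traversed before demasquerading, which is why replies to masqueraded connections have to be let through on the external device rather than denying everything that arrives there.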