Not quite -- I'll take my config as an example: my firewall also
does some internal serving which leaves a few ports open. For
argument's sake, let's assume these ports are 110/tcp (POP), 25/tcp
(SMTP), 23/tcp (telnet), and 22/tcp (ssh). All three are configured to
accept connections from any interface. I can see this with
netstat -an. My internet connection comes from eth1. Because I want to
remain flexible with what I allow, I block those ports which I'm
listening to.

#!/bin/sh
#
# sample firewall setup
#
# Reject inbound TCP to the listening services, but only on the
# external interface eth1; the same ports stay reachable from the
# internal network.  -l logs each rejected packet.  22/tcp (ssh)
# is not blocked here.
ipchains -I input -p tcp --destination-port 23  -i eth1 -j REJECT -l   # telnet
ipchains -I input -p tcp --destination-port 25  -i eth1 -j REJECT -l   # SMTP
ipchains -I input -p tcp --destination-port 110 -i eth1 -j REJECT -l   # POP

On Tue, Jan 18, 2000 at 01:28:55PM -0800, Manuel A. McLure wrote:
> So I have to deny each port specifically? If I'm using IPMASQ, can I simply
> DENY all ports 0-1023 coming in from the external interface (since IPMASQ
> will use ports above 1023) and have that work?
> 
> --
> Manuel A. McLure - Unify Corp. Technical Support <[EMAIL PROTECTED]>
> Vah! Denuone Latine loquebar? Me ineptum. Interdum modo elabitur.
> 
> 
> -----Original Message-----
> From: Steve Shah [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 18, 2000 12:14 PM
> To: Manuel A. McLure
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Securing IPMASQ gateway
> 
> 
> Deny ports based on which device the packet comes from. 
> 
> On Tue, Jan 18, 2000 at 09:13:02AM -0800, Manuel A. McLure wrote:
> > I am looking for a way to secure my IPMASQ gateway machine. My situation is
> > the following: I have a network of three machines - two workstations running
> > Linux and Windows 95/98, and a gateway running Linux (all Linuxes are Red
> > Hat 6.1). The gateway has an ethernet card connected to the internal network
> > and a second ethernet that will be connected to a cable modem. It is set up
> > for IPMASQ already - my internal addresses are 10.1.1.X.

-- 
______________________________________________________________________________
Steve Shah ([EMAIL PROTECTED]) | Alteon Web Systems Inc. (Developer/Sysadmin)
    http://www.alteon.com     |   Voice: 408.360.5500  Fax: 408.360.5500
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
             Beating code into submission, one OS at a time...
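The approach in the reply above, blocking on the external interface exactly the ports the gateway is listening on, can be scripted instead of hand-listed. The following is an added example, not code from Steve Shah or anyone on the list: it parses `netstat -an` output for TCP sockets bound to 0.0.0.0 (reachable from every interface) and emits one ipchains rule per port in the same shape as the reply's script, skipping an allowlist of ports that should stay open. The netstat sample is constructed; `EXT_IF`, `KEEP_OPEN` and the 0.0.0.0-only filter are assumptions (a socket bound to 127.0.0.1 or the internal address cannot be reached from eth1, so it needs no rule).

```shell
#!/bin/sh
# Added example (not from the original post): derive ipchains REJECT rules
# for the external interface from what the host is actually listening on.
# Assumes Linux 2.2-era ipchains as used in the thread.

EXT_IF="eth1"        # assumption: interface facing the cable modem
KEEP_OPEN="22"       # assumption: TCP ports that must stay reachable from outside

# Constructed sample of `netstat -an` output; on a real host pipe the real
# command in.  Only TCP sockets in LISTEN bound to 0.0.0.0 matter here.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
tcp        0      0 10.1.1.1:8080           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*'

# listening_ports: read netstat output on stdin, print one port per line
# for every TCP socket listening on 0.0.0.0, in numeric order.
listening_ports() {
    awk '$1 == "tcp" && $NF == "LISTEN" && $4 ~ /^0\.0\.0\.0:/ {
             sub(/^0\.0\.0\.0:/, "", $4); print $4
         }' | sort -n
}

# port_allowed PORT: succeeds if PORT is listed in KEEP_OPEN.
port_allowed() {
    for p in $KEEP_OPEN; do
        if [ "$p" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# gen_rules: read netstat output on stdin, print one ipchains command per
# port to block on EXT_IF.  Same rule shape as the thread: insert into the
# input chain, REJECT, and log (-l) so probes from outside are visible.
gen_rules() {
    listening_ports | while read -r port; do
        if port_allowed "$port"; then
            continue
        fi
        printf 'ipchains -I input -p tcp --destination-port %s -i %s -j REJECT -l\n' \
            "$port" "$EXT_IF"
    done
}

# Stand-alone run: print the rules that would be applied.  To apply them,
# pipe the output into sh on the gateway (as root).
printf '%s\n' "$SAMPLE_NETSTAT" | gen_rules
```

On the sample above this prints rules for 23, 25 and 110 and skips 22, matching the hand-written script in the reply. Review the generated list before applying it: a service that is bound to 0.0.0.0 by accident still shows up and gets blocked, which is the desired behaviour, but the netstat field positions assumed in the awk pattern are those of the Linux netstat of the period and should be checked against your own output.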
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
