Hi Mike:

        If I understand you correctly, there are several machines with connections to the Internet as well as the Internal LAN. Thus an external PPP0 or Ethernet and an Ethernet card on the Internal LAN. Assuming the above assumptions are correct, this is the line I have in my firewall service on the Linux machines exposed to the outside.

echo "      - Allowing EXTERNAL access to the SSH server"

# $EXTIF / $EXTIP are the outside interface and its address; $ANYWHERE is
# assumed to be 0/0 (all sources).
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \
    -p tcp -s $ANYWHERE -d $EXTIP --dport 22 -j ACCEPT

I am assuming you already have a rule to allow access to the SSH Server from the Machines on the Internal LAN. I generally like to keep my rules as specific as possible.

Hope that helps.

Stu...........
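The state-based approach Stu describes, written out as a complete ruleset for Mike's case (added example, not Stu's or Mike's own script). The interface name, the LAN range and the IPTABLES variable are assumptions; IPTABLES defaults to "echo iptables" so the script prints the rules instead of loading them.

```shell
#!/bin/sh
# Stateful ruleset: inbound SSH from anywhere, full access to the local
# subnet, and only SSH/POP3/IMAP as NEW outbound connections. Replies to
# inbound sessions are allowed by the conntrack state match, not by
# opening outbound ports.
EXTIF="${EXTIF:-eth0}"          # assumed: interface facing the Internet
LAN="${LAN:-192.0.2.0/24}"      # constructed example LAN (documentation range)
IPTABLES="${IPTABLES:-echo iptables}"   # set to /sbin/iptables to apply

gen_rules() {
    # Default deny in both directions.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -P FORWARD DROP
    # Loopback is always needed.
    $IPTABLES -A INPUT  -i lo -j ACCEPT
    $IPTABLES -A OUTPUT -o lo -j ACCEPT
    # The answer to the question: packets belonging to a connection the
    # conntrack table already knows are accepted on OUTPUT regardless of
    # who initiated it, so an inbound SSH session gets its replies out
    # even though NEW outbound connections are restricted below.
    $IPTABLES -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Complete access to the local subnet in both directions.
    $IPTABLES -A INPUT  -s "$LAN" -j ACCEPT
    $IPTABLES -A OUTPUT -d "$LAN" -j ACCEPT
    # Inbound SSH from anywhere; only NEW is needed here because the
    # ESTABLISHED,RELATED rule above already covers the rest of the session.
    $IPTABLES -A INPUT -i "$EXTIF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Outbound NEW connections limited to SSH, POP3 and IMAP.
    for port in 22 110 143; do
        $IPTABLES -A OUTPUT -o "$EXTIF" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done
    # Log whatever falls through so mistakes show up in syslog before
    # the DROP policy silently eats them.
    $IPTABLES -A INPUT  -j LOG --log-prefix "FW-IN-DROP: "
    $IPTABLES -A OUTPUT -j LOG --log-prefix "FW-OUT-DROP: "
}

gen_rules
```

Run once with the default dry-run to review the generated rules, then rerun with IPTABLES=/sbin/iptables from a console session rather than over SSH in case a typo locks you out.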


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mike Barnes
Sent: April 9, 2002 7:08 PM
To: [EMAIL PROTECTED]
Subject: Little help with outbound connections?

Hi folks - I'm hoping someone will be kind enough to supply me with an
example of how I might accomplish something - I have a bunch of systems
on live internet addresses. I'm setting up iptables to restrict what
these machines can do on the net. The ideal situation is:

- Complete access to the local subnet only
- Only SSH, POP3 and IMAP outbound connections to the rest of the net

This is done. Not that hard. The bit that's giving me grief is that I'd
really like to allow incoming SSH access to these machines from anywhere
on the net, but this isn't going to work out too well if outbound
connections are denied. Is there an easy way to specify that outbound
connections are OK if they're in response to an incoming connection on
TCP port 22?

I've been reading chunks of documentation here and there all morning and
my brain is starting to dribble out of my ears. :)

Thanks,
Mike.
