I just finished setting up my LAN at home, and I am using Mandrake 6.1 as my
Server, RoadRunner Gateway. I have a second computer (client computer) that
can talk to the internet by enabling ip forwarding/masquerading on my server
box. Can anybody help me figure out how the firewall rules work? I have read
a document but some things are still not clear:

My goal is to prevent access from the outside to my Server unless the packet
comes from network 22.33.*.* for example. I also want to keep
sending/receiving email from my client machine (I can do this right now),
keep DNS traffic flowing into my server, and keep letting my client access
anything on the internet using my server as the gateway. Right now
everything works (I can surf the internet from my client which indicates
that DNS traffic is flowing, send/receive email, ping/telnet/ftp to any
computer out there, but also ping/telnet/ftp into my server from the
outside, which I want to prevent unless, like I said, the request comes from
network 22.33.*.*.)

My rc.firewall file looks like this:

fw=/sbin/ipfwadm-wrapper
echo 1 > /proc/sys/net/ipv4/ip_forward # enable IP forwarding
$fw -F -f
$fw -I -f
$fw -O -f

# $fw -I -p deny # commented out b/c I get a message during boot
                 # saying ip-chains rules are empty    <----- any clues on this?
# $fw -O -p deny # commented out b/c I get a message during boot   <----| |
                 # saying ip-chains rules are empty                       |
# $fw -F -p deny # commented out b/c I get a message during boot   <-------
                 # saying ip-chains rules are empty

# let my LAN talk to anybody out there????  <---- is this comment right?
$fw -I -p accept -S 0.0.0.0/0 -D 172.16.0.0/16

# let my LAN talk recv packets from anybody out there??? <---- is this comment right?
$fw -O -p accept -S 172.16.0.0/16 -D 0.0.0.0/0

# let my server forward and masquerade packets that come from anybody? <---- is this correct?
$fw -F -a m -S 172.16.0.1/16 -D 0.0.0.0/0

# email rules
$fw -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D <RR IP ADDRESS> 25
$fw -F -a accept -b -P tcp -S <RR IP ADDRESS> 25 -D 0.0.0.0/0 1024:65535

# www rules
$fw -F -a accept -b -P tcp -S 0.0.0.0/0 1024:65535 -D <RR IP ADDRESS> 80

# dns rules
$fw -F -a accept -b -P udp -S 0.0.0.0/0 53 -D <RR IP SUBNET>

Can anybody let me know what else I need to do to prevent access from the
outside (unless it comes from network 22.33.*.*) to my server without
affecting the rest of the rules (i.e. w/o affecting DNS, smtp, and www)???

Also, if somebody could clarify my "<---" questions next to comments?

Thanks
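
Added example (not part of the original post, and not ipfwadm itself): a small Python model of how an input chain reaches a verdict, where the first matching rule wins and otherwise the default policy applies, comparing an input chain left at policy accept with a default-deny chain that admits 22.33.0.0/16. It assumes the posted script leaves the input policy at accept; the server address 203.0.113.10, the sample packets, and the choice to carry the ICMP type in the source-port field are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0        # for icmp this model stores the ICMP type here
    dport: int = 0
    ack: bool = False     # TCP ACK bit set, i.e. not a connection-opening SYN

@dataclass
class Rule:
    action: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "all"
    sport: tuple = (0, 65535)
    dport: tuple = (0, 65535)
    ack_only: bool = False

    def matches(self, p):
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("all", p.proto)
                and self.sport[0] <= p.sport <= self.sport[1]
                and self.dport[0] <= p.dport <= self.dport[1]
                and (p.ack or not self.ack_only))

def verdict(policy, rules, p):
    """First matching rule decides; with no match the default policy applies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return policy

SERVER = "203.0.113.10"   # constructed placeholder for the server's external address
# Assumed current state: input policy accept and no input rules.
OPEN = ("accept", [])
# Default deny, then only the traffic the post says it wants to keep.
LOCKED = ("deny", [
    Rule("accept", src="172.16.0.0/16"),                               # LAN clients
    Rule("accept", src="22.33.0.0/16", dst=SERVER + "/32"),            # trusted network
    Rule("accept", proto="udp", sport=(53, 53), dst=SERVER + "/32"),   # DNS replies
    Rule("accept", proto="tcp", dport=(1024, 65535), dst=SERVER + "/32", ack_only=True),
    Rule("accept", proto="icmp", sport=(0, 0), dst=SERVER + "/32"),    # echo-reply only
])
```

The source-port-53 and ACK-bit rules are stateless matches, so they trust fields the sender controls; they narrow exposure but do not prove that a packet belongs to a conversation the LAN started.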
