Re: Ipchains
If you use ip_masq internal network have privite ip address(eg.
192.168.X.X or 10.X.X.X)
In this case machines from internal network canot access directly the
internet.All traffic from internal
network will be masquaraded.
I read your firewall script.
If you wish to create a good packet fillter you must start width:
deny all all
and insert roules for speciffic hosts or ports. This is a safe way for
creating a firewall script, but is not optimised.
A useful option of ipchains is -i (interface). You can accept any
traffic from internal interface and deny
any trafic from external interface. This option will be simplify your
firewall script !
Have a nice day !
Jay Kelly wrote:
>
> Hello Group,
> I have been running ipchains on a Debian Potato for awhile now. Everythin
> g seems to be working great. I do however wonder how secure me firewall
> really is. Being a newbie to linux I have a few questions. I am using
> a proxy and when I tell me clients not to use the proxy they still can.
> Should that be happening? Also I want to use the mod ip_masq_icq,
> ip-masq-ftp etc. Shouldnt I make a rule to DENY all outbound internet
> traffic make the most of the mod's? Bassically I want a firewall that
> not only filters incoming but outgoing. I have attached my firewall
> script. Please look at it and give me your opinion. Any help would
> be great.
>
> --
>
> If Windows is the answer, then I want the problems back!
>
> Powered by Debian GNU/Linux.
> http://www.debian.org
>
>
> ------------------------------------------------------------------------
>
> firewallName: firewall
> Type: Plain Text (text/plain)
Reply to:
- References:
- Ipchains
- From: Jay Kelly <neutec@debiandomain.com>