Basic firewal for masquerading use

To: debian-firewall@lists.debian.org
Subject: Basic firewal for masquerading use
From: Pedro Corte-Real <typo@netcabo.pt>
Date: Mon, 3 Sep 2001 00:11:19 +0100
Message-id: <01090300111900.00627@planck>

I have a simple cable modem + internal LAN setup. The cable modem connects to 
an ethernet board on the firewall and the LAN connects to annother ethernet 
board on the same box.

Linux 2.2.19 and debian potato are used on the firewal.

All ports on the external interface are closed except ssh for admin and some 
scp (when files need to be exchanged) and http for my personal webserver.

my ipchains are these:

:input ACCEPT
:forward DENY
:output ACCEPT
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 23:23 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 20:20 -d 0.0.0.0/0.0.0.0 -p 6 -t 01 08
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -t 01 10
-A output -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 80:80 -p 6 -t 01 10

This is basic masq setup plus some rules to give better responsiveness for 
http and such.

My question is what else should I do?
What rules should I add to try to prevent Dos attacks?
What else should I filter?


PS: Changin to iptables and 2.4 is not on my todo list for now since I don't 
consider it stable enough. 

Greetings from Portugal,

Pedro Corte-Real.

Reply to:

Prev by Date: iptables, masquerading and ip-aliasing
Next by Date: Firewall & Bridge
Previous by thread: iptables, masquerading and ip-aliasing
Next by thread: Firewall & Bridge
Index(es):
- Date
- Thread