
Re: 2 nic setup for firewall machine



On Wednesday 12 February 2003 00:22, Jason McCarty wrote:

[...]
> > $IPT -A FORWARD -i $INTIF -o $EXTIF -p tcp --dport 80 -j ACCEPT
[...]
> > $IPT -A FORWARD -i $INTIF -o $EXTIF -p tcp --dport 8080 -j ACCEPT
> > $IPT -A FORWARD -i $INTIF -o $EXTIF -p tcp --dport 8080 -j ACCEPT
[...]

You might want to also add a rule with "--dport 443" here for https:// type 
connections. Also the --dport 8080 rule is duplicated.

Also, I recommend the multiport option there:

$IPT -A FORWARD -i $INTIF -o $EXTIF -p tcp -m multiport --dport 80,8080,443 -j ACCEPT

would allow all connections to commonly used http/https ports. Much easier to 
read than a multitude of rules.

Regards,

Sven Müller
- IT - Network&Infrastructure -

-- 
* Heinrich Berndes Haushaltstechnik GmbH & Co KG
* Wiebelsheidestrasse 55, 59757 Arnsberg, Germany
* Phone: +49 2932 475-282 / FAX: -325
* http://www.berndes.com
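
Added example (not part of the message above or of the original firewall script): a small Python check that applies both review points to an append-only iptables script, reporting exact duplicate rules and folding adjacent rules that differ only in --dport into one multiport rule. It writes --dports, the option name the multiport match documents, assumes the duplicated rules have terminating targets such as ACCEPT and that no chain flush sits between them, and the sample rules are constructed from the quoted lines.

```python
MAX_PORTS = 15   # the multiport match accepts at most 15 ports per rule
MARK = "\0"      # placeholder token for the removed "--dport N" pair

def split_dport(rule):
    """Return (template, port); port is None when the rule must be left alone."""
    tok = rule.split()
    if "multiport" in tok or tok.count("--dport") != 1:
        return tuple(tok), None
    i = tok.index("--dport")
    negated = i > 0 and tok[i - 1] == "!"
    if negated or i + 1 >= len(tok) or not tok[i + 1].isdigit():
        return tuple(tok), None      # negations, ranges, service names stay as-is
    return tuple(tok[:i] + [MARK] + tok[i + 2:]), tok[i + 1]

def render(tpl, ports):
    match = ("--dport " + ports[0] if len(ports) == 1
             else "-m multiport --dports " + ",".join(ports))
    return " ".join(tpl).replace(MARK, match)

def consolidate(rules):
    """Return (rules with adjacent single-port rules merged, duplicates dropped)."""
    out, dupes, seen = [], [], set()
    run_tpl, run_ports = None, []

    def flush():
        nonlocal run_tpl, run_ports
        if run_tpl is not None:
            out.append(render(run_tpl, run_ports))
        run_tpl, run_ports = None, []

    for rule in rules:
        norm = " ".join(rule.split())
        if norm in seen:             # identical earlier rule already matches first
            dupes.append(norm)
            continue
        seen.add(norm)
        tpl, port = split_dport(norm)
        if port is None:             # only adjacent rules merge, so order is kept
            flush()
            out.append(norm)
            continue
        if tpl != run_tpl or len(run_ports) == MAX_PORTS:
            flush()
            run_tpl = tpl
        run_ports.append(port)
    flush()
    return out, dupes

# Constructed sample based on the quoted rules, plus the suggested port 443.
RULE = "$IPT -A FORWARD -i $INTIF -o $EXTIF -p tcp --dport %s -j ACCEPT"
SAMPLE = [RULE % p for p in ("80", "8080", "8080", "443")]
```

Rules are merged only when they are adjacent, because folding rules across an intervening rule could change which rule a packet hits first.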


