
Re: 2 nic setup for firewall machine



On Friday 14 February 2003 23:49, Benedict Verheyen wrote:
> ###########################################################################
> ### allow outside from firewall machine: ping, dns, proxy of isp (8080),
> ### dhcp, news, smtp,www, imap, pop3, ftp (+ftpdata), ssh, ddt
>
> ### all tcp ports ###
> $IPT -A inet_out -p tcp --dport 21 -j ACCEPT        # ftp
> $IPT -A inet_out -p tcp --dport 22 -j ACCEPT        # ssh
> $IPT -A inet_out -p tcp --dport 25 -j ACCEPT        # smtp
> $IPT -A inet_out -p tcp --dport 53 -j ACCEPT        # dns
> $IPT -A inet_out -p tcp --dport 80 -j ACCEPT        # www
> $IPT -A inet_out -p tcp --dport 110 -j ACCEPT       # pop3
> $IPT -A inet_out -p tcp --dport 143 -j ACCEPT       # imap
> $IPT -A inet_out -p tcp --dport 1052 -j ACCEPT      # ddt project ports
> $IPT -A inet_out -p tcp --dport 8080 -j ACCEPT      # proxy isp

Is it right (intended) that you don't allow https-type connections here?
If not, add
$IPT -A inet_out -p tcp --dport 443 -j ACCEPT       # https
You might also want to allow pop3, imap and smtp through SSL connections as 
well. The corresponding ports are 995, 993 and 465 respectively.

Regards,

Sven Müller
- IT - Network&Infrastructure -

-- 
* Heinrich Berndes Haushaltstechnik GmbH & Co KG
* Wiebelsheidestrasse 55, 59757 Arnsberg, Germany
* Phone: +49 2932 475-282 / FAX: -325
* http://www.berndes.com
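
Added example, not part of the original message: a shell check that reads a rule script and reports which of the TLS ports named in the reply (443, 995, 993, 465) are still missing from a chain that already accepts the plaintext counterpart. The chain name `inet_out` and the ports come from the thread; the function names and sample rules are constructed, and it assumes one `--dport` per rule, as in the quoted script.

```shell
#!/bin/sh
# Added example: find TLS ports missing from an outbound iptables chain.
# Plaintext:TLS pairs from the thread (www, pop3, imap, smtp).
PAIRS="80:443 110:995 143:993 25:465"

# Constructed sample rules in the style of the quoted script.
SAMPLE_RULES='$IPT -A inet_out -p tcp --dport 25 -j ACCEPT   # smtp
$IPT -A inet_out -p tcp --dport 80 -j ACCEPT   # www
$IPT -A inet_out -p tcp --dport 110 -j ACCEPT  # pop3
$IPT -A inet_out -p tcp --dport 143 -j ACCEPT  # imap
$IPT -A inet_out -p tcp --dport 993 -j ACCEPT  # imaps
$IPT -A inet_in -p tcp --dport 443 -j ACCEPT   # other chain, ignored'

# Print each tcp --dport accepted in chain $1; rules are read from stdin.
allowed_ports() {
    sed 's/#.*//' | awk -v chain="$1" '
        {
            in_chain = 0; tcp = 0; accept = 0; port = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-A" && $(i+1) == chain) in_chain = 1
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
                if ($i == "--dport") port = $(i+1)
            }
            if (in_chain && tcp && accept && port != "") print port
        }'
}

# Print each TLS port whose plaintext twin is allowed but which is not.
missing_tls_ports() {
    ports=$(allowed_ports "$1")
    for pair in $PAIRS; do
        plain=${pair%%:*}
        tls=${pair##*:}
        if printf '%s\n' "$ports" | grep -qx "$plain" &&
           ! printf '%s\n' "$ports" | grep -qx "$tls"; then
            printf '%s\n' "$tls"
        fi
    done
}

printf '%s\n' "$SAMPLE_RULES" | missing_tls_ports inet_out
```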


