Re: 2 nic setup for firewall machine
On Friday 14 February 2003 23:49, Benedict Verheyen wrote:
> ###########################################################################
> ### allow outside from firewall machine: ping, dns, proxy of isp (8080),
> ### dhcp, news, smtp,www, imap, pop3, ftp (+ftpdata), ssh, ddt
>
> ### all tcp ports ###
> $IPT -A inet_out -p tcp --dport 21 -j ACCEPT # ftp
> $IPT -A inet_out -p tcp --dport 22 -j ACCEPT # ssh
> $IPT -A inet_out -p tcp --dport 25 -j ACCEPT # smtp
> $IPT -A inet_out -p tcp --dport 53 -j ACCEPT # dns
> $IPT -A inet_out -p tcp --dport 80 -j ACCEPT # www
> $IPT -A inet_out -p tcp --dport 110 -j ACCEPT # pop3
> $IPT -A inet_out -p tcp --dport 143 -j ACCEPT # imap
> $IPT -A inet_out -p tcp --dport 1052 -j ACCEPT # ddt project ports
> $IPT -A inet_out -p tcp --dport 8080 -j ACCEPT # proxy isp
Is it right (intended) that you don't allow https-type connections here?
If not, add
$IPT -A inet_out -p tcp --dport 443 -j ACCEPT # https
You might also want to allow pop3, imap and smtp through SSL connections as
well. The corresponding ports are 995, 993 and 465 respectively.
Regards,
Sven Müller
- IT - Network&Infrastructure -
--
* Heinrich Berndes Haushaltstechnik GmbH & Co KG
* Wiebelsheidestrasse 55, 59757 Arnsberg, Germany
* Phone: +49 2932 475-282 / FAX: -325
* http://www.berndes.com
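
The check suggested in the reply above, as an added example that is not part of the original message: a shell function that reads an iptables script and prints the `inet_out` rules still missing for the TLS ports named in the reply (443, 995, 993, 465) wherever the plaintext counterpart is already allowed. The function names, the service labels in the comments and the sample rules are assumptions constructed for this illustration.

```sh
#!/bin/sh
# missing_tls_rules: read iptables script lines on stdin and print one
# "$IPT -A inet_out ..." line per TLS port that is not yet allowed although
# its plaintext counterpart is (80->443, 110->995, 143->993, 25->465).
missing_tls_rules() {
    awk '
    BEGIN {
        tls[80] = 443;  name[443] = "https"
        tls[110] = 995; name[995] = "pop3s"
        tls[143] = 993; name[993] = "imaps"
        tls[25] = 465;  name[465] = "smtps"
        n = split("80 110 143 25", order, " ")
    }
    {
        line = $0
        sub(/^[> \t]+/, "", line)      # tolerate mail quoting and indentation
        if (line ~ /^#/) next          # commented-out rules do not count
        sub(/#.*/, "", line)           # drop trailing comments
        nf = split(line, f, /[ \t]+/)
        chain = ""; proto = ""; port = ""; target = ""
        for (i = 1; i < nf; i++) {
            if (f[i] == "-A") chain = f[i + 1]
            else if (f[i] == "-p") proto = f[i + 1]
            else if (f[i] == "--dport") port = f[i + 1]
            else if (f[i] == "-j") target = f[i + 1]
        }
        # Only plain ACCEPT rules for tcp in the inet_out chain are counted.
        if (chain == "inet_out" && proto == "tcp" && target == "ACCEPT" && port != "")
            allowed[port] = 1
    }
    END {
        for (k = 1; k <= n; k++) {
            p = order[k]; t = tls[p]
            if ((p in allowed) && !(t in allowed))
                printf "$IPT -A inet_out -p tcp --dport %d -j ACCEPT # %s\n", t, name[t]
        }
    }'
}

# Constructed sample modelled on the quoted rules, with https already added.
sample_rules() {
    cat <<'EOF'
$IPT -A inet_out -p tcp --dport 25 -j ACCEPT # smtp
$IPT -A inet_out -p tcp --dport 80 -j ACCEPT # www
$IPT -A inet_out -p tcp --dport 110 -j ACCEPT # pop3
$IPT -A inet_out -p tcp --dport 443 -j ACCEPT # https
EOF
}

sample_rules | missing_tls_rules
```

The output is meant for review before anything is appended to the firewall script; a TLS port is only worth opening if the corresponding service is actually used.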