
firewall newbie questions



Hello, apart from some masquerading stuff for my DSL router I'm really
new to the firewall topic, but anyway I now have to configure some.
The first and most complex one is for a server mainly hosting webpages
and running some services to make webmasters' lives easier, like ssh and
ftp.
Additionally, it runs a nameserver for the two domains it hosts and a
mailserver used by some people as relay/smarthost.

The special thing about this server is that it has 4 different IPs on
the devices eth0, eth0:0, eth0:1 and eth0:2, the first three in the same
class C net, the fourth in another. This way I work around the two
nameservers from different class C nets required by DENIC to set new
nameserver entries for .de domains. My luck that my hosting center
supports that *g*

So I use the first IP and the last one for nameserver and mail, and the
other two for all the other stuff, mainly divided on a DNS basis.

Now I'd like to set up a firewall that allows full access to the ports I
configure (21, 22, 25, 53, 80, 143, 443, 993, ...), and denies access to
all other ports by default, but supports allowing access to given ports
based on dns/ip authentication.

I already searched the files in /usr/shared/doc/iptables/ and lurked for
some firewall frontends/scripts, but didn't find the right thing.
fiaif looked nice at first, but I didn't get the picture about how to
configure it nicely, and it blocked too much in its default configuration
for me (for example my non-standard ftp ports).

maybe you can point me to the right docs or simply to the right firewall
tools.

bye
 jonas
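
A sketch of the ruleset described in the post above, as an added example that is not part of the original message: a default-deny INPUT policy, the listed ports opened per address, and extra ports opened only for named sources. The addresses, the split of ports between the IPs and the restricted entries are constructed assumptions; sources are given as addresses because iptables resolves a hostname only once, when the rule is loaded.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not touch the running firewall.
# All addresses are constructed placeholders from the documentation ranges.
NS_MAIL_IPS="192.0.2.1 198.51.100.1"  # stand-ins for the IPs on eth0 and eth0:2
WEB_IPS="192.0.2.2 192.0.2.3"         # stand-ins for the IPs on eth0:0 and eth0:1
NS_MAIL_TCP="25 53 143 993"           # assumed split of the ports named in the post
WEB_TCP="21 22 80 443"
# Hypothetical restricted services, written as "port:allowed-source"
RESTRICTED="3306:203.0.113.7 8080:203.0.113.0/24"

allow() {  # allow <proto> <dst> <port> [src]; src is optional
    echo "-A INPUT -p $1 -d $2 ${4:+-s $4 }--dport $3 -m conntrack --ctstate NEW -j ACCEPT"
}

gen_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default deny: anything not accepted below is dropped
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # eth0:N aliases are not separate interfaces to netfilter, so match on -d, not -i.
    for ip in $NS_MAIL_IPS; do
        for p in $NS_MAIL_TCP; do allow tcp "$ip" "$p"; done
        allow udp "$ip" 53        # DNS queries arrive over UDP as well as TCP
    done
    for ip in $WEB_IPS; do
        for p in $WEB_TCP; do allow tcp "$ip" "$p"; done
        # Restricted ports are reachable only from their listed source.
        for e in $RESTRICTED; do allow tcp "$ip" "${e%%:*}" "${e#*:}"; done
    done
    echo "COMMIT"
}

gen_rules
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it. FTP data connections on non-standard ports additionally depend on the connection-tracking FTP helper, which this sketch does not configure.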
 


