
iptables filtering rules



Hello all,

Sorry to disturb you with this silly question. I am sure that it is obvious 
to all list members (except me ;)

Scenario: intranet (10.10.1.x) with win clients (NT & 2k), gateway (Debian 
GNU/Linux potato with kernel 2.4.18 + iptables). NAT is used for requests 
from intranet to Internet. This works fine. Web & mailserver is behind the 
firewall, so I needed to set up port forwarding. DNAT is used for this. This 
works fine.
As the webserver is an ii$, I am sure that some firewall rules must be set 
up for these two ports. The access.log shows that it is a MUST:
GET /scripts/root.exe?/c+dir HTTP/1.0
GET /MSADC/root.exe?/c+dir HTTP/1.0
GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0
... and so on... I'm sure that it's just a script kiddie, but, on the other 
hand, it's just an m$ product.

Q: How to set up filtering rules if a PREROUTING DNAT rule has been set up 
before? The packet never comes to the INPUT, nor to the FORWARD, does it?
I really do not want to set up another firewall onto that win2k server.


TIA,
gaan
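
An added example, not part of the original post: in netfilter the nat PREROUTING chain runs before the routing decision, so a DNATed packet bound for another host then traverses the filter table's FORWARD chain with its destination already rewritten. The script below prints such a rule set (dry run by default); the interface name eth0, the server address 10.10.1.10, the /24 mask and ports 80 and 25 are assumptions, since the post does not give them.

```shell
#!/bin/sh
# Added example: DNAT in nat/PREROUTING, filtering in filter/FORWARD.
# Assumed values (not from the post): EXT_IF, SRV, LAN mask, PORTS.
EXT_IF="${EXT_IF:-eth0}"        # Internet-facing interface (assumption)
SRV="${SRV:-10.10.1.10}"        # internal web/mail server (constructed address)
LAN="${LAN:-10.10.1.0/24}"      # intranet from the post, /24 assumed
PORTS="${PORTS:-80 25}"         # forwarded TCP ports (assumption)
# Dry run by default: commands are printed. Set IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

forward_rules() {
    # Default-deny for routed traffic. INPUT is not involved: after DNAT the
    # packets are no longer addressed to the gateway itself.
    $IPT -P FORWARD DROP
    # Replies and follow-up packets of connections already accepted.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Outbound traffic from the intranet (the existing NAT rule handles SNAT).
    $IPT -A FORWARD -s "$LAN" -o "$EXT_IF" -j ACCEPT
    for p in $PORTS; do
        # nat/PREROUTING rewrites the destination before routing ...
        $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$p" \
            -j DNAT --to-destination "$SRV:$p"
        # ... so FORWARD has to match the rewritten (internal) address.
        $IPT -A FORWARD -i "$EXT_IF" -d "$SRV" -p tcp --dport "$p" \
            -m state --state NEW -j ACCEPT
    done
    # Log anything else that tries to cross the gateway; policy DROP follows.
    $IPT -A FORWARD -j LOG --log-prefix "FWD-DROP: "
}

forward_rules
```

These rules filter by address, port and connection state only; they do not inspect the requested URL.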

