[Techtalk] DMZ and iptables
Carla Schroder
carla at bratgrrl.com
Wed Apr 4 20:20:02 UTC 2007
I've gone all wacko and insecure over my iptables rules, which I do on a
regular basis. Here's the deal: a 3-port router with:
WAN
LAN - 192.168.1.0/24
DMZ
I want tight controls on traffic between the LAN and DMZ. So I need two
FORWARD rules, then INPUT rules for specific services, correct? Like this
example for a Web server in the DMZ:
# FORWARD: the LAN may open new connections into the DMZ
$ipt -A FORWARD -i $LAN_IFACE -o $DMZ_IFACE \
     -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# FORWARD: the DMZ may only send replies to connections the LAN opened
$ipt -A FORWARD -i $DMZ_IFACE -o $LAN_IFACE \
     -m state --state ESTABLISHED,RELATED -j ACCEPT
# INPUT: TCP/80 addressed to the router itself, arriving on the DMZ
# interface with a LAN source address
$ipt -A INPUT -p tcp -i $DMZ_IFACE -s 192.168.1.0/24 --dport 80 -j ACCEPT
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook!
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
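For comparison with the rules in the post above, here is an added example (editor's code, not Carla's) of a complete three-interface ruleset in iptables-restore format. The point it illustrates: INPUT only sees packets addressed to the router itself, so LAN-to-DMZ web traffic for a server living in the DMZ is decided entirely in FORWARD, and a LAN-to-DMZ rule is tighter when it names the service and destination host than when it accepts any NEW connection. It also adds anti-spoofing drops (a packet with a LAN source must only arrive on the LAN interface) and a DNAT for the public side. Interface names eth0/eth1/eth2, the DMZ subnet 192.168.2.0/24 and the web server address 192.168.2.10 are assumptions for the example; only 192.168.1.0/24 comes from the post.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for a WAN/LAN/DMZ router.
# Interface names, the DMZ subnet and the web server address are assumed.
WAN_IFACE=${WAN_IFACE:-eth0}
LAN_IFACE=${LAN_IFACE:-eth1}
DMZ_IFACE=${DMZ_IFACE:-eth2}
LAN_NET=${LAN_NET:-192.168.1.0/24}     # from the post
DMZ_NET=${DMZ_NET:-192.168.2.0/24}     # assumed
DMZ_WEB=${DMZ_WEB:-192.168.2.10}       # assumed web server in the DMZ

# Print the ruleset; pipe into iptables-restore to load it.
dmz_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: loopback and replies to its own connections
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Anti-spoofing: LAN addresses may only arrive on the LAN interface
-A INPUT -i $DMZ_IFACE -s $LAN_NET -j DROP
-A INPUT -i $WAN_IFACE -s $LAN_NET -j DROP
-A FORWARD -i $DMZ_IFACE -s $LAN_NET -j DROP
-A FORWARD -i $WAN_IFACE -s $LAN_NET -j DROP
# Router itself: admin ssh from the LAN only
-A INPUT -i $LAN_IFACE -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Forwarded traffic: replies to already-accepted flows, any direction
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN -> DMZ: only HTTP, and only to the web server
-A FORWARD -i $LAN_IFACE -o $DMZ_IFACE -s $LAN_NET -d $DMZ_WEB -p tcp --dport 80 -m state --state NEW -j ACCEPT
# WAN -> DMZ: HTTP to the web server (destination already rewritten by the nat table)
-A FORWARD -i $WAN_IFACE -o $DMZ_IFACE -d $DMZ_WEB -p tcp --dport 80 -m state --state NEW -j ACCEPT
# LAN -> WAN: unrestricted outbound
-A FORWARD -i $LAN_IFACE -o $WAN_IFACE -s $LAN_NET -m state --state NEW -j ACCEPT
# DMZ -> WAN: just DNS and HTTP(S) so the server can fetch updates
-A FORWARD -i $DMZ_IFACE -o $WAN_IFACE -s $DMZ_NET -p udp --dport 53 -m state --state NEW -j ACCEPT
-A FORWARD -i $DMZ_IFACE -o $WAN_IFACE -s $DMZ_NET -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
# DMZ -> LAN: no rule, so new connections fall through to the DROP policy
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $WAN_IFACE -p tcp --dport 80 -j DNAT --to-destination $DMZ_WEB
-A POSTROUTING -o $WAN_IFACE -j MASQUERADE
COMMIT
EOF
}

# Sanity check: succeed (exit 0) only if no FORWARD rule accepts anything from
# the DMZ interface into the LAN interface other than established/related replies.
check_no_new_dmz_to_lan() {
    ! dmz_ruleset | grep -- "^-A FORWARD -i $DMZ_IFACE -o $LAN_IFACE" \
        | grep -v 'ESTABLISHED,RELATED' | grep -q ACCEPT
}
```

Usage: source the file, then `dmz_ruleset | sudo iptables-restore` (or `iptables-restore -t` first on versions that support the test flag) to load it atomically; `check_no_new_dmz_to_lan` is the kind of assertion worth running before loading any edited ruleset. Rule order matters: the anti-spoofing drops sit before the blanket ESTABLISHED,RELATED accept so a spoofed LAN source on the DMZ interface can never ride an existing conntrack entry.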