- 02-07-2005 #1 Just Joined!
- Join Date
- Apr 2004
- Posts
- 18
sarge firewall
Hi folks,
I have just got sarge installed on one of my computers that I have been messing around with.
I am looking for a simple but good firewall that I can use. Basically what I want to do is:
1) Run a small web/email and FTP server from the Debian box
2) Access the Internet from my Windows box.
Internet <-> cablemodem <-> Debian (web/email/ftp server) <-> hub <-> Windows
I have found this script so far, but not sure if it will allow me to access the net from my windows box.
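iptables -F                                # flush all rules in the filter table
iptables -N FIREWALL                       # create a user-defined chain
iptables -F FIREWALL
iptables -A INPUT -j FIREWALL              # packets addressed to this box
iptables -A FORWARD -j FIREWALL            # packets routed through this box
iptables -A FIREWALL -p tcp -m tcp --dport 25 --syn -j ACCEPT                     # new SMTP connections
iptables -A FIREWALL -p tcp -m tcp -s 192.168.20.1/24 --dport 22 --syn -j ACCEPT  # new SSH connections from the LAN
iptables -A FIREWALL -i lo -j ACCEPT                                              # loopback traffic
iptables -A FIREWALL -p udp -m udp --sport 53 -j ACCEPT                           # DNS replies over UDP
iptables -A FIREWALL -p tcp -m tcp --sport 53 -j ACCEPT                           # DNS replies over TCP
iptables -A FIREWALL -p udp -m udp --dport 123 -j ACCEPT                          # NTP
iptables -A FIREWALL -p udp -m udp --sport 6277 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 24441 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT                                # every other new TCP connection
iptables -A FIREWALL -p udp -m udp -j REJECT                                      # every other UDP packet
iptables-save > /etc/firewall-rules        # write the active rules to a file
iptables-restore < /etc/firewall-rules     # load the rules back from that file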
Can anyone help?
thanks
Kev
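What the posted FIREWALL chain does with the traffic described in the question, as an added example that is not part of the original post: a small Python model of the chain's first-match evaluation. The packets, the 203.0.113.9 and 192.168.20.5 addresses, the `eth0` interface name and the default ACCEPT chain policy (the script sets none) are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:                 # constructed model of a packet, not a capture
    proto: str                # "tcp" or "udp"
    src: str
    sport: int
    dport: int
    syn: bool = False         # True = connection-opening SYN (what --syn matches)
    iface: str = "eth0"       # assumed inbound interface name
LAN = ipaddress.ip_network("192.168.20.1/24", strict=False)  # the -s value from the post
def tcp(p): return p.proto == "tcp"
def udp(p): return p.proto == "udp"

RULES = [  # the FIREWALL chain from the post, in order: (label, match, target)
    ("tcp dport 25 syn", lambda p: tcp(p) and p.syn and p.dport == 25, "ACCEPT"),
    ("tcp dport 22 syn from LAN", lambda p: tcp(p) and p.syn and p.dport == 22
        and ipaddress.ip_address(p.src) in LAN, "ACCEPT"),
    ("-i lo", lambda p: p.iface == "lo", "ACCEPT"),
    ("udp sport 53", lambda p: udp(p) and p.sport == 53, "ACCEPT"),
    ("tcp sport 53", lambda p: tcp(p) and p.sport == 53, "ACCEPT"),
    ("udp dport 123", lambda p: udp(p) and p.dport == 123, "ACCEPT"),
    ("udp sport 6277", lambda p: udp(p) and p.sport == 6277, "ACCEPT"),
    ("udp sport 24441", lambda p: udp(p) and p.sport == 24441, "ACCEPT"),
    ("any tcp syn", lambda p: tcp(p) and p.syn, "REJECT"),
    ("any udp", lambda p: udp(p), "REJECT"),
]

def verdict(pkt, policy="ACCEPT"):
    """First match decides, else the chain policy; INPUT and FORWARD share the chain."""
    for label, match, target in RULES:
        if match(pkt):
            return target, label
    return policy, "chain policy (assumed default)"

# Constructed sample traffic; addresses and ports are placeholders.
SAMPLES = {
    "internet -> Debian web, INPUT": Packet("tcp", "203.0.113.9", 40000, 80, syn=True),
    "internet -> Debian smtp, INPUT": Packet("tcp", "203.0.113.9", 40001, 25, syn=True),
    "Windows -> web, FORWARD": Packet("tcp", "192.168.20.5", 40002, 80, syn=True),
    "Windows -> DNS, FORWARD": Packet("udp", "192.168.20.5", 40003, 53),
    "Windows -> Debian ssh, INPUT": Packet("tcp", "192.168.20.5", 40004, 22, syn=True),
    "reply to Debian's own request": Packet("tcp", "203.0.113.9", 80, 40005),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:32} {verdict(pkt)}")
```

Under these assumptions the model rejects new web connections to the Debian box as well as the Windows box's forwarded web and DNS traffic; only SMTP, LAN SSH and the listed UDP ports get through.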
- 02-08-2005 #2
Is the Debian box going to be the firewall? If it is, I would advise you not to run any services on the firewall; this is a golden rule. If you are running, say, Apache on your firewall and it has a vuln, then someone exploits that and gets r00t, they then have full access to your internal network. They should be segregated into separate machines and separate networks (DMZ).
- 02-08-2005 #3 Just Joined!
- Join Date
- Apr 2004
- Posts
- 18
Hi Giro,
Well, for now the firewall/email/web/ftp will be on the one box. Just a little project I am messing around with.
Once I am confident of my work, they will be on separate boxes. I only have 2 computers, the Debian one and my Windows one. Once I am happy, I will go out and buy a cheap second-hand base unit for the firewall and re-use the box I have now as the email/web/ftp server.
Are you able to help me out?
Cheers
Kev
- 02-11-2005 #4 Just Joined!
- Join Date
- Feb 2005
- Posts
- 1
Hi Altern8
Some of the Debian users might find my proposition inappropriate, but have a look at the bastille-firewall. Very simple, with a different approach for a configuration GUI. You might have a lot of fun with this tiny piece of software.
minimec
- 02-11-2005 #5
I don't find it inappropriate
there are some Debian packages too
http://packages.debian.org/cgi-bin/s...ll&release=all
technically it is not a firewall, however
http://www.bastille-linux.org/
Brilliant Mediocrity - Making Failure Look Good
- 02-15-2005 #6 Just Joined!
- Join Date
- Apr 2004
- Posts
- 18
Hi folks,
Many thanks for all your help, finally managed to get something sorted. I got shorewall installed and it works great for what I need it for. Very easy to install and configure.
Thanks
Kev


