
Thread: sarge firewall

  1. #1

    sarge firewall

    Hi folks,

    I have just got sarge installed on one of my computers that I have been messing around with.

    I am looking for a simple but good firewall that I can use. Basically what I want to do is:

    1). Run a small web/email and ftp server from the Debian box
    2). Access the Internet from my windows box.

    Internet <-> cablemodem <-> Debian (web/email/ftp server) <-> hub <-> Windows

    I have found this script so far, but not sure if it will allow me to access the net from my windows box.

    iptables -F
    iptables -N FIREWALL
    iptables -F FIREWALL
    iptables -A INPUT -j FIREWALL
    iptables -A FORWARD -j FIREWALL
    iptables -A FIREWALL -p tcp -m tcp --dport 25 --syn -j ACCEPT
    iptables -A FIREWALL -p tcp -m tcp -s --dport 22 --syn -j ACCEPT
    iptables -A FIREWALL -i lo -j ACCEPT
    iptables -A FIREWALL -p udp -m udp --sport 53 -j ACCEPT
    iptables -A FIREWALL -p tcp -m tcp --sport 53 -j ACCEPT
    iptables -A FIREWALL -p udp -m udp --dport 123 -j ACCEPT
    iptables -A FIREWALL -p udp -m udp --sport 6277 -j ACCEPT
    iptables -A FIREWALL -p udp -m udp --sport 24441 -j ACCEPT
    iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
    iptables -A FIREWALL -p udp -m udp -j REJECT
    iptables-save > /etc/firewall-rules
    iptables-restore < /etc/firewall-rules

    Can anyone help?
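
Added example, not part of the original thread: the script as posted has no NAT rule, and its FORWARD path rejects new TCP connections to ports it does not list, so the Windows box would not reach the Internet through it. The generator below emits an iptables-restore ruleset for the topology in the post; the interface names, the LAN subnet and the LAN-only SSH rule are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names and the LAN subnet
# are assumptions: pass your own, e.g. eth0 (cable modem) and eth1 (hub).
gen_ruleset() {
    wan=$1 lan=$2 lan_net=$3
    # Refuse empty or odd-looking arguments rather than emit broken rules.
    for v in "$wan" "$lan"; do
        case $v in ''|*[!A-Za-z0-9._-]*) echo "bad interface: '$v'" >&2; return 1;; esac
    done
    case $lan_net in ''|*[!0-9./]*) echo "bad subnet: '$lan_net'" >&2; return 1;; esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite LAN source addresses to the WAN address on the way out.
-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services on this box: FTP control, SMTP, HTTP. FTP data connections
# only match RELATED when the conntrack FTP helper module is loaded.
-A INPUT -p tcp -m tcp --syn -m multiport --dports 21,25,80 -j ACCEPT
# SSH from the LAN only (assumption; the post's -s address is not shown).
-A INPUT -i $lan -s $lan_net -p tcp -m tcp --dport 22 --syn -j ACCEPT
# Forward LAN traffic out, and only replies back in.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Usage (as root): sh fw.sh eth0 eth1 192.168.0.0/24 | iptables-restore
# Routing must also be on: echo 1 > /proc/sys/net/ipv4/ip_forward
if [ "$#" -eq 3 ]; then gen_ruleset "$@"; fi
```

Both default policies are DROP, so anything not listed is blocked in either direction; review the output before piping it to iptables-restore.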



  2. #2
    Giro (Linux Engineer, joined Jul 2003)

    Is the Debian box going to be the firewall? If it is, I would advise you not to run any services on the firewall; this is a golden rule. If you are running, say, Apache on your firewall and it has a vuln, then someone exploits that and gets r00t, they then have full access to your internal network. They should be segregated into separate machines and separate networks (DMZ).

  3. #3
    Hi Giro,

    Well, for now the firewall/email/web/ftp will be on the one box. Just a little project I am messing around with.

    Once I am confident of my work, they will be on separate boxes. I only have 2 computers, the Debian one and my Windows one. Once I am happy, I will go out and buy a cheap second hand base unit for the firewall and re-use the box I have now, as the email/web/ftp server.

    Are you able to help me out?



  5. #4
    Hi Altern8

    Some of the Debian users might find my proposition inappropriate, but have a look at the bastille-firewall. Very simple, with a different approach for a configuration GUI. You might have a lot of fun with this tiny piece of software.


  6. #5
    i don't find it inappropriate

    there are some debian packages too

    technically it is not a firewall however
    Brilliant Mediocrity - Making Failure Look Good

  7. #6
    Hi folks,

    Many thanks for all your help, finally managed to get something sorted. I got shorewall installed and works great for what I need it for. Very easy to install and configure.


