- 04-27-2007 #1
- Join Date
- Apr 2007
I'm setting up an apache cluster using ipvsadm
using a linux server as a router. My linux server
has two NICs and I have this script

#!/bin/sh
EXTIF="eth1"
INTIF="eth0"

# Clearing any existing rules and setting default policy
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
# FWD: Allow all connections OUT and only existing and related ones IN
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# Enabling SNAT (MASQUERADE) functionality on $EXTIF
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
to make the linux server a linux router.
I want to block all the ports on the external NIC ($EXTIF) except for ports 80,443,20,21.
Can someone give me some info on how to modify this script so that I can
block all the ports except for the ones I've mentioned.
- 04-27-2007 #2
You can allow and deny in /etc/hosts.allow and /etc/hosts.deny files, but it's probably best to have an iptables script in place. Go to www.netfilter.org and it will explain everything you need to know in order to complete this.
$Billz
How much wood would a wood chuck chuck if a wood chuck could chuck wood? None they eat plants!
Dell Optiplex GX260, LTSP Diskless Workstation, Fedora Core 6
- 04-28-2007 #3
There is one issue: You accept all connections to your router
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT

"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect." Linus Benedict Torvalds
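A worked version of the change the question asks for, added here as an example; it is not code from any poster in the thread. It keeps the structure of the script in post #1 (interface names eth1/eth0 and the port list 80, 443, 20, 21 are taken from the question) and takes up the point made in post #3 by giving INPUT a DROP policy, so that only the listed TCP ports are reachable on $EXTIF. ALLOWED_TCP_PORTS, gen_rules, exposed_rule_count and the APPLY switch are names introduced for this example.

```shell
#!/bin/sh
# Added example, not code from any poster in this thread: a default-deny
# version of the router script from post #1. Interface names come from
# the question; ALLOWED_TCP_PORTS, gen_rules, exposed_rule_count and
# APPLY are names introduced here (assumptions), adjust to the real host.
EXTIF="eth1"
INTIF="eth0"
# The only TCP ports that may be reached on the external NIC.
ALLOWED_TCP_PORTS="80 443 20 21"

# Print the rule set rather than executing it, so the result can be
# reviewed before it is handed to the shell (see the APPLY switch below).
gen_rules() {
    cat <<EOF
# Flush, then default-deny inbound and forwarded traffic; the router's
# own outbound traffic stays open.
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Loopback, and replies to connections the router itself started.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Manage the router from the internal side only; nothing below opens
# port 22 on $EXTIF, so do not load this over SSH from the outside.
iptables -A INPUT -i $INTIF -j ACCEPT
EOF
    # One explicit accept per listed port; everything else arriving on
    # $EXTIF falls through to the INPUT DROP policy.
    for p in $ALLOWED_TCP_PORTS; do
        echo "iptables -A INPUT -i $EXTIF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
# FWD: as in the original script, LAN out freely and only replies back in.
iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# SNAT (MASQUERADE) for traffic leaving on $EXTIF.
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
EOF
}

# Count the rules that open a given TCP port on the external NIC; used to
# confirm that only the listed ports are exposed (prints 0 for any other).
exposed_rule_count() {
    gen_rules | grep -c -- "-i $EXTIF -p tcp --dport $1 " || true
}

# Dry run by default: "APPLY=1 sh <this file>" actually loads the rules.
if [ "${APPLY:-0}" = "1" ]; then
    gen_rules | sh
else
    gen_rules
fi
```

Two caveats for running this on the LVS director described in the question. Packets for the virtual service pass the INPUT chain before IPVS takes them, so the INPUT accepts above are what exposes the cluster ports, while the FORWARD rules carry the real servers' replies back out. For FTP, the port 21 control connection is all these rules admit by themselves; active-mode data connections from port 20 and passive-mode data channels are only matched as RELATED when the FTP connection-tracking helper (ip_conntrack_ftp on kernels of that era, nf_conntrack_ftp later) is loaded.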