  1. #1
    Just Joined!
    Join Date
    Aug 2008
    Location
    India
    Posts
    5

    How to configure firewall server in CentOS 5.x for small office


    Hi
    I want to configure a firewall server in CentOS 5 for my office,
    something like this
    First Internet
    Adsl Modem
    ----------
    |modem|
    ----------
    Eth0 |
    -----------------
    | firewall |
    | server |
    -----------------
    Eth1 |
    --------------
    | switch |
    -------------- here my 15 computers

    Can someone help me to configure the firewall server? I also want to connect from outside by SSH so I can handle the server from outside or from home.
    And can someone help me with counting Internet usage per user, or giving them 100MB per month; is it possible to do? I used to do this on Kerio firewall; is there a Kerio firewall for Linux systems?
    Thanks
    Vishu

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    The firewall is simple enough just need to know your requirements.

    What is allowed in?
    What is allowed out?
    What service you want to provide?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Just Joined!
    Join Date
    Aug 2008
    Location
    India
    Posts
    5
    Hi
    Services in (from Internet):
    HTTP, POP, Messenger, FTP; no other service in
    Services out (from Internet):
    HTTP, SMTP, Messenger, FTP; no other service out
    Services I want to provide:
    1. Count Internet usage per user, like 50MB per month; they can use it but can't cross their limit
    2. The server should be controllable from outside, from home or from a different city, by SSH
    Someone told me that with DynDNS one can control it, but in the router there is no DynDNS client, so I was thinking to install OpenWrt in the router Belkin F5D7633-4; not sure which OpenWrt firmware to install.
    thanks

    regards
    vishu

  5. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Are you hosting anything?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  6. #5
    Just Joined!
    Join Date
    Aug 2008
    Location
    India
    Posts
    5
    No, I just want to have a small server!

  7. #6
    Just Joined!
    Join Date
    Aug 2008
    Location
    India
    Posts
    5
    No, I'm not hosting and I don't want to host also.

  8. #7
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    First become root and cd into /etc/

    Edit sysctl.conf and ensure the following line is set up:

    Code:
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 1
    This turns on forwarding for you.

    Now cd to /etc/sysconfig

    Enter the following commands:

    Code:
    mv ./iptables ./iptables.org
    cp ./iptables-config ./iptables-config.org
    (We are making copies in case we need to back out for one reason or another)

    Edit iptables-config and ensure the following line is set up:

    Code:
    IPTABLES_MODULES="ip_conntrack_ftp"
    Now enter the following command:

    Code:
    touch myfirewall
    With your favorite editor edit myfirewall and place the following into it:

    Code:
    #!/bin/sh
    #
    
    # The location of the IPtables binary file on your system.
    IPT="/sbin/iptables"
    
    # The following rules will clear out any existing 
    # chains that might have been created.
    $IPT -F
    $IPT -F INPUT
    $IPT -F OUTPUT
    $IPT -F FORWARD
    $IPT -F -t mangle
    $IPT -F -t nat
    $IPT -X
    $IPT -Z
    
    # These will setup our policies.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP
    
    #POSTROUTING of outgoing packets
    $IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    
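    #INPUT Rules
    # Loopback and replies to existing connections must be accepted,
    # otherwise the DROP policy discards everything after the first SSH packet.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW -j ACCEPT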
    
    #LAN Rules
    $IPT -N LAN
    $IPT -A LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A LAN -p tcp --dport 22 -m state --state NEW -j ACCEPT
    $IPT -A LAN -p tcp --dport 25 -m state --state NEW -j ACCEPT
    $IPT -A LAN -p tcp --dport 80 -m state --state NEW -j ACCEPT
    $IPT -A LAN -p tcp --dport 110 -m state --state NEW -j ACCEPT
    $IPT -A LAN -p tcp --dport 443 -m state --state NEW -j ACCEPT
    # tcp-reset is only valid for TCP; everything else falls through to DROP
    $IPT -A LAN -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A LAN -j DROP
    
    #WAN Table
    $IPT -N WAN
    $IPT -A WAN -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A WAN -j DROP
    
    #Forward packets to the proper chains for processing
    $IPT -A FORWARD -i eth0 -j WAN
    $IPT -A FORWARD -i eth1 -j LAN
    $IPT -A FORWARD -j DROP
    
    # Save the firewall rules to the file read at firewall startup
    /sbin/iptables-save > /etc/sysconfig/iptables
    Sorry I don't know what port Messenger uses.
    Just copy one of the lines in "LAN Rules" and replace the port.

    Now do the following:

    Code:
    chkconfig --level 2345 iptables on
    chown root:root *
    chmod 700 myfirewall
    ./myfirewall
    The above does the following:
    Ensure your firewall is turned on
    Ensure all files in /etc/sysconfig are owned by root and in the group root
    Allows myfirewall to be executed
    Runs myfirewall

    You do not have to run this script again unless you make changes to it. It saves the rules to iptables file which is read on firewall startup.

    For some reading look at this IPTABLES Tutorial; it explains a lot of options that iptables uses with some examples.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
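
Added example, not part of the thread and not Lazydog's code: a small audit of an `iptables-save` dump that checks the properties the script in post #7 is meant to establish, with the WAN and LAN interface names as parameters so it also shows what is wrong when the cabling is swapped and the rules are not edited. The sample dump is constructed, the finding names are made up for this illustration, and interface names are assumed to contain no regex metacharacters.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump against the layout the posted
# script aims for (default-deny, NAT on WAN, WAN/LAN chains, SSH from LAN).

# Constructed sample dump for WAN=eth0, LAN=eth1 (not from a real host).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LAN - [0:0]
:WAN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -j WAN
-A FORWARD -i eth1 -j LAN
-A FORWARD -j DROP
-A LAN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A LAN -j DROP
-A WAN -m state --state RELATED,ESTABLISHED -j ACCEPT
-A WAN -j DROP
COMMIT'

has() { printf '%s\n' "$dump" | grep -Eq -- "$1"; }   # rule present in dump?
add() { findings="${findings:+$findings }$1"; }        # record a finding

# audit_rules DUMP [WAN_IF] [LAN_IF]: prints findings, or OK if none.
audit_rules() {
    dump=$1; wan=${2:-eth0}; lan=${3:-eth1}; findings=""
    has '^:INPUT DROP '   || add INPUT_POLICY_NOT_DROP
    has '^:FORWARD DROP ' || add FORWARD_POLICY_NOT_DROP
    has "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" || add NO_MASQUERADE_ON_WAN
    has "^-A FORWARD -i $wan -j WAN\$" || add WAN_NOT_SENT_TO_WAN_CHAIN
    has "^-A FORWARD -i $lan -j LAN\$" || add LAN_NOT_SENT_TO_LAN_CHAIN
    # Without this rule, INPUT DROP also discards replies and follow-up packets.
    has '^-A INPUT .*--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT' ||
        add INPUT_DROPS_REPLIES
    # sshd reachable from the Internet side is worth knowing about.
    has "^-A INPUT -i $wan .*--dport 22 .*-j ACCEPT" && add SSH_OPEN_ON_WAN
    printf '%s\n' "${findings:-OK}"
}

audit_rules "$SAMPLE_RULES" eth0 eth1   # cabling matches the rules
audit_rules "$SAMPLE_RULES" eth1 eth0   # cabling swapped, rules not edited
```

On a live firewall the dump would come from `iptables-save` run as root, passed as the first argument.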

  9. #8
    Just Joined!
    Join Date
    Aug 2008
    Location
    India
    Posts
    5
    Hi
    Thanks! Somehow I have configured it and it's working well, so now I have to configure the firewall. Now here eth0 is LAN and eth1 is WAN, so I have to change the firewall script a little: instead of eth0, change to eth1 in the script. It should work, right?

    thanks
    vishu

  10. #9
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Yes, you can swap eth0 and eth1 and it will work.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
