- 10-25-2004 #1 Just Joined!
- Join Date
- Oct 2004
- Posts
- 7
how to restrict access to my box?
i have a following setup:
slackware 9.1
ethernet
modem
so i have dialup internet connection and i use it from 2 windows boxes through NAT.
server has http, ftp, cvs, etc
i want to block any outer access to my box except for some range of ip addresses that i want to allow (i have dynamic ip visible from internet).
i.e. i want my server to be visible from my home network (172.15.*.*), and from local network of my ISP (10.*.*.*), but deny access from any other ip addresses.
the question is: what tools should i use, what manuals to read?
i have iptables configured to allow use of ppp from my home network, but i don't understand configs (my friend configured it for me)
tried to read manuals and tutorials, but to no success - i'm just not a sysadmin, and networking is not a part of my interests..
- 10-25-2004 #2 Just Joined!
- Join Date
- Oct 2004
- Posts
- 6
Re: how to restrict access to my box?
well you have to get your hands dirty (networking and being a sysadmin) if you want things done your way. read the fine manuals, search the fine web. you would need to read on the networking HOWTO found at www.tljp.org.
- 10-25-2004 #3 Just Joined!
- Join Date
- Oct 2004
- Posts
- 7
Re: how to restrict access to my box?
yes, i totally agree that i could do RTFM, but i just don't have so much time to read all of the manuals and tools.
what i ask is what exact tools should i use.
i'm not afraid of making my hands dirty :) just limited in time.
can u confirm that iptables is the tool i need?
if so - i'll just sit and read all the tutors, faqs, manpages, howtos, etc...
my knowledge of networking is now limited around setting up LAN (ifconfig), configuring routing for my home network and keeping d2gs server running 24/7 for my friends.
i also have apache-httpd and proftpd running..
so i'm not n00biest of dummies.. but iptables config (and all those details about understanding packet filtering and all) is far complex, especially when i'm not sure it's the tool i need.
i'd like something simple like hosts.deny and hosts.allow :) but it only works when daemon sits under inetd.. seems like not suitable at all..
btw, ur url is not working..
- 10-25-2004 #4 Linux Newbie
- Join Date
- Mar 2004
- Posts
- 119
he means "tldp.org" - the linux documentation project
- 10-26-2004 #5
IPTables is what you want to use. Check out netfilter.org as well for some good docs on how to use it.
"Time is an illusion. Lunchtime, doubly so."
~Douglas Adams, The Hitchhiker's Guide to the Galaxy
- 10-26-2004 #6 Just Joined!
- Join Date
- Oct 2004
- Posts
- 7
thanx
i did it through adding some ppp0 input filter rules, and one of my friends also helped me with some more tweaks like broadcast echo protection, disable sending redirect messages, etc..
when i'll be sure it really works as i need - i'll add some comments into script and post it here..
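The ppp0 input filter and the two kernel settings mentioned in the post above, written out as an added example (it is not waker's script, which was not posted in this thread). The chain name EXT_IN, the function names, and the CIDR forms 172.15.0.0/16 and 10.0.0.0/8 for the ranges in the first post are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): source allow-list for one interface.
# Assumed values: ppp0 and the two ranges named in the first post.
EXT_IF="${EXT_IF:-ppp0}"
ALLOWED="${ALLOWED:-172.15.0.0/16 10.0.0.0/8}"

# valid_cidr A.B.C.D/N -> 0 only for octets 0-255 and prefix 0-32.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*) return 1 ;;   # digits, dots and one slash only
        */*) ;;
        *) return 1 ;;
    esac
    addr=${1%/*}; bits=${1#*/}
    case "$addr" in ''|.*|*.|*..*) return 1 ;; esac
    case "$bits" in ''|*.*) return 1 ;; esac
    [ "$bits" -le 32 ] 2>/dev/null || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# emit_rules prints the commands; nothing is changed until they are run.
# Every range is validated first, so a typo yields no rules at all.
emit_rules() {
    for net in $ALLOWED; do
        valid_cidr "$net" || { echo "bad range: $net" >&2; return 1; }
    done
    echo "iptables -N EXT_IN 2>/dev/null || iptables -F EXT_IN"
    echo "iptables -C INPUT -i $EXT_IF -j EXT_IN 2>/dev/null || iptables -A INPUT -i $EXT_IF -j EXT_IN"
    # Replies to connections this box opened itself.
    echo "iptables -A EXT_IN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for net in $ALLOWED; do
        echo "iptables -A EXT_IN -s $net -j ACCEPT"
    done
    echo "iptables -A EXT_IN -j DROP"   # must stay last in the chain
    # The two kernel tweaks mentioned in the post.
    echo "sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1"
    echo "sysctl -w net.ipv4.conf.all.send_redirects=0"
}

case "${1:-}" in
    print) emit_rules ;;
    apply) emit_rules | sh ;;           # needs root
esac
```

Run it with `print` to review the rules before `apply`. Only the INPUT path on the external interface is filtered, so the existing NAT and FORWARD rules for the LAN are left alone.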
- 10-26-2004 #7 Comments? What're those?
Glad you found your answers and got everything working.
