[CentOS] Firewall frustration

Tue Jan 1 19:39:00 UTC 2008
Robert Moskowitz <rgm at htt-consult.com>

Thanks I will read this through a bit later. Perhaps I was making more 
of it than needed, but my attempts were not working. And all I was 
trying for at first was to allow SSH through.

Steven Haigh wrote:
>
> On 02/01/2008, at 4:11 AM, Robert Moskowitz wrote:
>> I spent much of the past 24 hours trying to find out how to set up 
>> iptables for firewall routing WITHOUT NATing. Could not find anything.
>
>
> *boggle* Is it really that hard?
>
> ## Clear up whatever is in there at the moment.
> iptables -F INPUT
> iptables -F FORWARD
> iptables -F OUTPUT
> iptables -t nat -F POSTROUTING
>
> ## Accept anything related to existing connections
> iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> iptables -A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> ## I want to allow incoming port 80 to 1.2.3.4
> iptables -A FORWARD -i ppp0 -d 1.2.3.4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
>
> ## I want to allow incoming port 123 (ntp) to 1.2.3.6
> iptables -A FORWARD -i ppp0 -d 1.2.3.6 -p udp -m udp --dport 123 -j ACCEPT
>
> ## Let's block ALL other incoming things
> iptables -A INPUT -j DROP
> iptables -A FORWARD -j DROP
>
> There you go. That's a very basic firewall using iptables in about 3 
> minutes :)
>
> -- 
> Steven Haigh
>
> Email: netwiz at crc.id.au
> Web: http://www.crc.id.au
> Phone: (03) 9001 6090 - 0412 935 897
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
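An added example, not Steven's code or anything from the list, of the routing-only (no NAT) firewall he sketches, written as a script that also covers what his snippet leaves out: default-deny policies, the sysctl that turns forwarding on, outbound connections from the LAN, anti-spoofing, and the SSH pass-through Robert was after. It assumes ppp0 as the WAN interface, eth0 as the LAN interface, 1.2.3.0/24 as the routed LAN network and 1.2.3.4 as the SSH host; set IPT=echo to print the rules instead of loading them.

```shell
#!/bin/sh
# Routing firewall with no NAT. Assumed layout (not from the post): WAN on ppp0,
# LAN on eth0, LAN network 1.2.3.0/24 (the post's 1.2.3.4/1.2.3.6 are placeholders).
# Set IPT=echo to preview the generated rules without touching the kernel.
IPT="${IPT:-iptables}"
WAN="${WAN:-ppp0}"
LAN="${LAN:-eth0}"
LAN_NET="${LAN_NET:-1.2.3.0/24}"

# allow_in PROTO PORT HOST: permit new inbound connections from the WAN to one LAN host
allow_in() {
    "$IPT" -A FORWARD -i "$WAN" -o "$LAN" -d "$3" -p "$1" --dport "$2" \
        -m state --state NEW -j ACCEPT
}

fw_apply() {
    # Flush, then default-deny: a forgotten rule fails closed instead of open
    "$IPT" -F INPUT; "$IPT" -F FORWARD; "$IPT" -F OUTPUT
    "$IPT" -P INPUT DROP; "$IPT" -P FORWARD DROP; "$IPT" -P OUTPUT ACCEPT
    "$IPT" -A INPUT -i lo -j ACCEPT
    # Return traffic for connections already accepted, whichever side opened them
    "$IPT" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    "$IPT" -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Anti-spoofing: a LAN source address must never arrive on the WAN interface
    "$IPT" -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP
    # LAN hosts may open connections outward. The post's FORWARD accepts only match
    # packets arriving on ppp0, so LAN-initiated connections there hit the final DROP.
    "$IPT" -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    # Management SSH to the router itself, accepted from the LAN side only
    "$IPT" -A INPUT -i "$LAN" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Published services: the two from the post, plus SSH to 1.2.3.4 (assumed host)
    allow_in tcp 80 1.2.3.4
    allow_in udp 123 1.2.3.6
    allow_in tcp 22 1.2.3.4
    # Rate-limited log of what the FORWARD policy is about to drop, for detection
    "$IPT" -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# Without ip_forward=1 the kernel never consults the FORWARD chain at all
enable_forwarding() {
    if [ "$IPT" = iptables ]; then
        sysctl -w net.ipv4.ip_forward=1 >/dev/null
    fi
}

if [ "${1:-}" = apply ]; then
    enable_forwarding
    fw_apply
fi
```

Run as `sh firewall.sh apply` on the router; `IPT=echo sh -c '. ./firewall.sh; fw_apply'` shows the exact rule set that would be loaded.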