Can anyone help me make my firewall more secure?

Hi, all,

I have now set up my server as my Internet gateway/firewall.

I need your help and your suggestions about making it more secure, because I know my INPUT / OUTPUT chains are open. How can I make it more secure?

Thank you very much,
Pratchaya

My Network Diagram
==================

ADSL Router --- eth1 [ My Server ] eth0 --- Local network (192.168.0.xx)

======================================================================

My Command line
===============

# flush whatever the init script loaded, then build the ruleset by hand
service iptables stop
# NAT: masquerade everything leaving on the ADSL side
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# transparent proxy: LAN web traffic is redirected to the local squid on 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
# forwarding is deny-by-default; only the listed LAN -> Internet services pass
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -p tcp -m multiport --dports 53,80,110,143,443,993,995,3128 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -p udp -m multiport --dports 53,110,143,993,995,1863 -j ACCEPT
# INPUT and OUTPUT are never touched, so they keep their default ACCEPT policy
service iptables save

======================================================================

My Iptable List
===============

[root@firewall ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  192.168.0.0/24       anywhere            multiport dports domain,http,pop3,imap,https,imaps,pop3s,squid
ACCEPT     udp  --  192.168.0.0/24       anywhere            multiport dports domain,pop3,imap,imaps,pop3s,1863

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@firewall ~]#

Reply to
pratchaya
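The rules in the post above leave INPUT and OUTPUT at policy ACCEPT, so the gateway itself (sshd, the squid listener on 3128, anything else bound to 0.0.0.0) is reachable from the ADSL side. What follows is an added example, not code from the original post or the forum: a deny-by-default ruleset for the same two-interface layout (eth1 towards the ADSL router, eth0 towards 192.168.0.0/24), emitted in iptables-restore format so the whole policy loads atomically instead of rule by rule. It assumes things the post does not state: the admin reaches the box over SSH from the LAN only, Squid listens on 3128, LAN clients resolve DNS externally (as the FORWARD rules imply), and the 1863 service is TCP. Port 80 is dropped from FORWARD because the REDIRECT rule already diverts it to Squid; after the redirect the destination is the gateway itself, so that traffic arrives on INPUT and must be accepted there, which the post's ruleset only gets away with because INPUT is wide open.

```shell
#!/bin/sh
# Added example, not the original poster's script: a deny-by-default ruleset
# for the two-interface gateway in the post (eth1 = ADSL side, eth0 = LAN),
# emitted in iptables-restore format so the whole policy loads atomically.
# Assumptions not stated in the post: SSH admin from the LAN only, Squid on
# 3128, LAN clients use external DNS, the 1863 service is TCP.
WAN=${WAN:-eth1}
LAN=${LAN:-eth0}
LAN_NET=${LAN_NET:-192.168.0.0/24}

# Print the complete ruleset (nat + filter tables) to stdout.
rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Transparent proxy: LAN web traffic is diverted to the local Squid. After
# REDIRECT the destination is this host, so it is accepted in INPUT below.
-A PREROUTING -i $LAN -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# INPUT: traffic to the gateway itself. Nothing new is accepted from the ADSL side,
# and packets arriving there with a LAN source address are spoofed and dropped.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i $WAN -s $LAN_NET -j DROP
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 3128 -j ACCEPT
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT
-A INPUT -i $LAN -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: " --log-level 4
# FORWARD: LAN -> Internet only, same service list as the post minus 80
# (already redirected) and 3128 (no reason to reach outside proxies).
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i $WAN -s $LAN_NET -j DROP
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -p tcp -m multiport --dports 53,110,143,443,993,995,1863 -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -p udp --dport 53 -j ACCEPT
# OUTPUT: what the gateway itself needs: Squid (80/443), DNS, NTP, and the LAN.
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $WAN -p tcp -m multiport --dports 53,80,443 -j ACCEPT
-A OUTPUT -o $WAN -p udp -m multiport --dports 53,123 -j ACCEPT
-A OUTPUT -o $LAN -d $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Policy the generated ruleset declares for CHAIN in TABLE,
# e.g. `chain_policy filter INPUT` prints DROP.
chain_policy() {
    rules | awk -v t="*$1" -v c=":$2" '
        $1 == t { in_t = 1; next }
        /^\*/   { in_t = 0 }
        in_t && $1 == c { print $2; exit }'
}

# Number of INPUT rules that ACCEPT traffic arriving on the WAN interface.
# A correct build of this policy prints 0.
wan_input_accepts() {
    rules | awk -v w="$WAN" '
        $1 == "-A" && $2 == "INPUT" && $3 == "-i" && $4 == w && /-j ACCEPT/ { n++ }
        END { print n + 0 }'
}

# Load the ruleset atomically (needs root). On iptables versions that support
# it, pass --test to only parse the ruleset without committing it.
apply_rules() {
    rules | iptables-restore "$@"
}

# Usage: sh harden.sh            prints the ruleset for review
#        APPLY=1 sh harden.sh    loads it (run from the console, not over SSH)
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
else
    rules
fi
```

Load it from the console, or with a timed rollback (`iptables-save > /root/old.rules; (sleep 120; iptables-restore < /root/old.rules) &`), because an INPUT policy of DROP cuts off anything you forgot to allow, including the SSH session you loaded it from. Once it behaves, `service iptables save` persists it the same way the post does; `net.ipv4.ip_forward` still has to be 1 for the FORWARD chain to see anything. The OUTPUT section is the part most likely to need tuning: anything else the box itself initiates (mail, package mirrors on other ports) must be added explicitly, or OUTPUT left at ACCEPT as a deliberate choice rather than an accident.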

Why don't you look at an easy-to-implement and easy-to-configure commercial firewall, which is cost effective as well? I would recommend the gajshield SecureGate Firewall, which includes an ICSA Firewall, IPS, URL Filtering, Gateway Virus Screening, VPN and Bandwidth Management; see their website.


Reply to
NT17

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.