Hi all,
I have now set up my server as an internet gateway/firewall.
I need your help and your suggestions on making it more secure, because I know my INPUT/OUTPUT chains are open. How can I make it more secure?
Thank you very much, Pratchaya
My Network Diagram
=================
ADSL Router { eth1 ::: My Server ::: eth0  Local network (192.168.0.xx)
======================================================================
My Command line
===============
# stops the iptables service, which flushes the saved rules and leaves every chain at policy ACCEPT
service iptables stop
# NAT: hide the LAN behind the WAN address, and send LAN web traffic to the local squid (transparent proxy)
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
# FORWARD: deny by default, allow replies, then allow LAN -> Internet for the listed services only
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -p tcp -m multiport --dports 53,80,110,143,443,993,995,3128 -j ACCEPT
# note: 110,143,993,995 are TCP-only services, so this UDP rule only matters for 53 (DNS) and 1863 (MSN)
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.0.0/24 -p udp -m multiport --dports 53,110,143,993,995,1863 -j ACCEPT
# INPUT and OUTPUT are never touched here, so they stay at policy ACCEPT
service iptables save
======================================================================
My Iptable List
===============
[root@firewall ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  192.168.0.0/24       anywhere            multiport dports domain,http,pop3,imap,https,imaps,pop3s,squid
ACCEPT     udp  --  192.168.0.0/24       anywhere            multiport dports domain,pop3,imap,imaps,pop3s,1863

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@firewall ~]#
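As an added example that is not part of Pratchaya's post: the same gateway with INPUT and OUTPUT switched to default-DROP, written as a script that emits an iptables-restore ruleset so it can be reviewed before it is loaded. It assumes eth1 is the WAN side, eth0 the LAN side with 192.168.0.0/24, squid listening on 3128, and SSH administration from the LAN only; the anti-spoofing rule, the rate-limited LOG rules, the OUTPUT port list and the `apply` argument are my choices, not anything in the original.

```shell
#!/bin/sh
# Added example (not the original poster's rules): gateway ruleset with
# INPUT and OUTPUT default-DROP, emitted in iptables-restore format.
# Interface names, LAN prefix and ports are assumptions from the diagram.
set -eu

WAN=eth1                 # towards the ADSL router
LAN=eth0                 # towards 192.168.0.0/24
LAN_NET=192.168.0.0/24
SQUID_PORT=3128

# Print the complete ruleset (nat + filter tables) on stdout.
ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# transparent proxy: LAN port-80 traffic is handed to the local squid
-A PREROUTING -i $LAN -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# --- INPUT: traffic addressed to the gateway itself ---
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# anti-spoofing: the LAN prefix must never arrive on the WAN interface
-A INPUT -i $WAN -s $LAN_NET -j DROP
# services offered to the LAN only: SSH, the (redirected) squid port, ping
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport $SQUID_PORT -m state --state NEW -j ACCEPT
-A INPUT -i $LAN -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
# log what falls through (rate-limited); the chain policy then drops it
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT-DROP: "
# --- FORWARD: LAN -> Internet only, same service list as the original ---
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -p tcp -m multiport --dports 53,80,110,143,443,993,995 -m state --state NEW -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $LAN_NET -p udp -m multiport --dports 53,1863 -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD-DROP: "
# --- OUTPUT: only what the gateway needs (resolver, NTP, squid's upstream fetches) ---
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o $WAN -p udp -m multiport --dports 53,123 -j ACCEPT
-A OUTPUT -o $WAN -p tcp -m multiport --dports 53,80,443 -m state --state NEW -j ACCEPT
-A OUTPUT -o $LAN -p icmp -j ACCEPT
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "FW-OUTPUT-DROP: "
COMMIT
EOF
}

# Sanity check 1: how many chains in the generated text default to DROP
# (expected: INPUT, FORWARD and OUTPUT, i.e. 3).
count_drop_policies() {
    ruleset | grep -c '^:[A-Z]* DROP'
}

# Sanity check 2: list any filter-table chain still left at policy ACCEPT;
# empty output means nothing was left open.
open_chains() {
    ruleset | awk '/^\*/ {table=$1} table=="*filter" && /^:/ && $2=="ACCEPT" {print substr($1,2)}'
}

# Only load the rules when explicitly asked; otherwise print them for review.
case "${1:-show}" in
    apply) ruleset | iptables-restore && echo "ruleset applied" ;;
    *)     ruleset ;;
esac
```

Run it with no argument to read the generated rules (or feed them to `iptables-restore --test` on versions that have that option), then `sh gateway.sh apply` as root. Because the PREROUTING REDIRECT hands LAN port-80 traffic to the local squid, the INPUT accept for 3128 from the LAN is what keeps browsing working once INPUT defaults to DROP; with OUTPUT at DROP, the 53/80/443/123 rules cover the resolver, squid's upstream fetches and NTP, and anything else the box itself initiates has to be added explicitly rather than relying on an open chain.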