Firewall question

Hi, I'm not new to Linux but I have recently been needed to administer a small group of computers and need to add a firewall to the network. It's a Windows LAN. I have been reading the iptables howto and tutorials for many days but it's not very clear to me how to make my own firewall. What to add for a Windows LAN etc.

Can someone point me to some guide/website that would help me learn iptables quickly and easily? Maybe I need to read more howtos for detailed security later but for now I need urgent help or I won't be spared.

Regards, Froogle


Your first task is to get a pen and paper, and draw a map of the LAN and where the firewall is to be located. Next, determine what services need to +pass+ through the firewall (perhaps web outbound, SMTP outbound, POP inbound, etc.). Use 'tcpdump' to verify this. Then set up the firewall in accordance with the classic rules:

#1 - If you don't know what it is, block it, and see if anything breaks.

#2 - If while denying the connection, nothing breaks, then you didn't need that.

#3 - If the firewall appears to have 'broken' some function or service, look in the logs, and identify the specific problem. What specifically is being rejected? Then figure the smallest hole that will fix that problem. This may mean allowing connections to 'this' port, from 'that' IP address. Remember that word - you are opening a _hole_ in your defenses.

A good rule of thumb is that you should disallow everything, rather than just rule 1. It is of little use to have blocked port $FOO, when an entire _army_ of bad stuff is coming in through the other 65,000 ports that you left open to the world. This is especially true for the home user, or the inexperienced. Then you can follow rules 2 and 3 to resolve any problem that may develop. "Block everything by default, and allow needed items" is a lot safer than attempting to block specific items while allowing everything else. What you don't know (or block) _can_ hurt you.

2. Linux Consultants Guide

That guide lists 127 contacts in India who can help you.

Nothing beyond what is needed for your specific setup. What that may be? How do you expect us to know what you are doing on your LAN? You also don't identify the Linux distribution, but all modern distributions come with simple tools to configure a firewall. Assuming your Linux box has been running long enough for cron to have run 'makewhatis' overnight, then the command 'apropos firewall' should turn up a lot of clues. If all else fails:

Web Results 1 - 10 of about 197,000 for iptables configuration+tools. (0.29 seconds)


278012 Jul 23 2002 Security-Quickstart-HOWTO

Old guy

Moe Trin
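The "block everything by default, and allow needed items" approach from the reply above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset with DROP policies, one narrow hole per service, and a log rule for whatever is still dropped. The interface names, LAN subnet, mail host address and the DNS hole are assumptions made for illustration.

```shell
#!/bin/sh
# Emit a default-deny ruleset in iptables-restore format.
# Assumed (not from the thread): eth0 = Internet side, eth1 = LAN side,
# LAN = 192.168.1.0/24, mail host = 192.168.1.10.
WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.1.0/24

# One hole per line: "source protocol destination-port", LAN -> Internet.
# Web and SMTP outbound are the reply's examples; DNS is an added assumption.
HOLES="
$LAN_NET tcp 80
$LAN_NET tcp 443
$LAN_NET udp 53
192.168.1.10 tcp 25
"

gen_rules() {
    echo "*filter"
    # Disallow everything: all three chains default to DROP.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    # Loopback traffic on the firewall host itself.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Replies belonging to connections a hole already permitted.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # The smallest hole: this port, from that address, new connections only.
    echo "$HOLES" | while read -r src proto port; do
        [ -n "$src" ] || continue
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $src -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rule #3: log what is about to be dropped, so a broken service
    # can be identified from the logs before a new hole is opened.
    echo "-A FORWARD -m limit --limit 5/min -j LOG --log-prefix \"FW-DROP: \""
    echo "COMMIT"
}

# Usage, as root at the console: gen_rules | iptables-restore --test
```

The INPUT chain has no hole for remote administration, so loading this ruleset over an SSH session to the firewall would cut that session off.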
