Very Computer

Thanks

Hi!,

Quote:> Hello!  I am in need of some advice here.  I have a webserver (uses
> SSL), an SQL server, and a Real Streaming server (also running DNS)
> located on a co-located network.  I would like to drop a Linux box to
> act as a firewall for the network.  I have never dabbled with IPChains
> and I would like to go directly to IPTables, but I am having some
> trouble finding good explanatory documentation on how to do this
> correctly.  These are live websites and I want to get this in place very
> soon.  Can someone provide some assistance in how to accomplish this?

This explains the basics of the IPTABLES system.  The first thing you will
have to do is work out what ports you want to make accessible and those that
you want to block.  Additionlly, you will also have to work out what ports
your SQL server is using.

See ya

Dean Thompson

--
+____________________________+____________________________________________+

| Bach. Computing (Hons)     | ICQ     - 45191180                         |
| PhD Student                | Office  - <Off-Campus>                     |
| School Comp.Sci & Soft.Eng | Phone   - +61 3 9903 2787 (Gen. Office)    |
| MONASH (Caulfield Campus)  | Fax     - +61 3 9903 1077                  |
| Melbourne, Australia       |                                            |
+----------------------------+--------------------------------------------+

My advice would be to drop the box in-line with no services running except ssh
and no packet filtering rules.

Add a cronjob that runs a script every 5 minutes to open the ssh port, if it
is not already open. This is case you mess up and lock and yourself out by
mistake, you will open a hole for yourself, to reset the firewall rules.

Then I would grab a copy of nmap and do UCP, TCP scans of the network to
discover the services that should be filtered. Then I would start playing.

Martin