Linux Netfilter discussions
* Newbie
@ 2003-10-29 19:19 David C. Hart
From: David C. Hart @ 2003-10-29 19:19 UTC (permalink / raw)
  To: netfilter

I'm a bit of a nitwit and could use some pointers from more experienced
hands.

We changed routers recently and with it the processes. The objectives
remain the same:
1. To protect the server (running Apache, Postfix and Vftp).
2. To provide DShield reporting.
3. To get reliable data so that, from time to time, we can contact ISPs
when things get out of hand.

The setup is simple and does not use the router's NAT. 

I am using only the NAT IPtable. HTTP, SMTP, FTP and Pop3 get port
forwarded. Anything that doesn't get port forwarded is presumed to be
intrusive and gets logged and dropped. So far so good.

Questions:

1. Does this approach make sense? 

2. I'm getting the LAN address in the logs rather than the intended
destination IP. Is there some way to preserve the original data?

3. Is anyone aware of a decent log analyzer that will also provide host
resolution?

4. I would rather use the FILTER table for the refused connections to
reject rather than drop. I'm sure that it's simple but I just don't get
it. This would depend upon the filter table rules following the NAT
table rules. Where is this order established?

Thanks.


* Re: Newbie
@ 2003-10-29 19:43 ` Jörg Schütter
From: Jörg Schütter @ 2003-10-29 19:43 UTC (permalink / raw)
  To: netfilter

Hello David,

On Wed, 29 Oct 2003 14:19:55 -0500
"David C. Hart" <DCH@TQMcube.com> wrote:

[...]
> 4. I would rather use the FILTER table for the refused connections to
> reject rather than drop. I'm sure that it's simple but I just don't get
> it. This would depend upon the filter table rules following the NAT
> table rules. Where is this order established?

Take a look at
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TRAVERSINGOFTABLES


-- 
Regards
  Jörg

-- 
Jörg Schütter           http://www.lug-untermain.de/
joerg@schuetter.org     http://www.schuetter.org/joerg/
ICQ: 298982789          http://mypenguin.bei.t-online.de/


* newbie
@ 2004-03-26 19:52 IT Clown
From: IT Clown @ 2004-03-26 19:52 UTC (permalink / raw)
  To: netfilter

Hi all

I am new to iptables. I am just wondering: I have the
following in my iptables file.

INPUT DROP [0.0]
OUTPUT DROP [0.0]
FORWARD DROP [0.0]

As I understand it, that will drop all communications.

What rules will I need to apply to allow www, ftp and mirc
browsing?

I want to do that on another pc behind the firewall.

Regards

* Re: newbie
@ 2004-03-26 20:05 ` David Cannings
From: David Cannings @ 2004-03-26 20:05 UTC (permalink / raw)
  To: netfilter

On Friday 26 March 2004 19:52, IT Clown wrote:
> I am new to iptables i am just wondering i have the
> following in my iptables file.
> INPUT DROP [0.0]
> OUTPUT DROP [0.0]
> FORWARD DROP [0.0]
> as i understand that will drop every communications.

Yes, it will.

> what rules will i need to apply to allow www,ftp,mirc
> browsing?
> I want to do that on another pc behind the firewall.

There are three things I would suggest.  The first is reading two 
tutorials on http://www.netfilter.org/documentation/index.html - 
specifically the "packet filtering HOWTO" and the "NAT HOWTO".

The second is Oskar's excellent iptables tutorial, at 
http://iptables-tutorial.frozentux.net/iptables-tutorial.html.

The third is taking a while to work out what ports the services you 
mention work on.  A basic feel for how TCP/IP connections work would help 
too.  The knowledge that in most cases a client chooses a port >1024 and 
connects to the service port should suffice.  People on the list could 
easily list the ports you need to allow or deny but you'll learn a 
tremendous amount by spending 10 minutes working it out.

In any case, don't forget you will need to enable IP Forwarding on your 
netfilter machine.

Hope those pointers help,

David
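As an added example (not from any message in this thread), the script below turns the pointers from both threads into iptables commands: default-DROP policies with a PC behind the firewall allowed out to www, ftp and irc, IP forwarding enabled, and, for the port-forwarded server, unforwarded connections logged in mangle PREROUTING (which is traversed before nat PREROUTING, so the packet still carries the original public destination) and then REJECTed in the filter table rather than dropped. The interface names, LAN prefix and server address are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: generates an iptables ruleset for the
# two setups discussed (LAN clients browsing out; a port-forwarded server
# whose refused connections are logged with their original destination
# and then REJECTed). Interfaces and addresses are assumed placeholders.
WAN=${WAN:-eth0}                     # Internet-facing interface (assumption)
LAN=${LAN:-eth1}                     # LAN interface (assumption)
LAN_NET=${LAN_NET:-192.168.1.0/24}   # constructed LAN prefix
SERVER=${SERVER:-192.168.1.10}       # constructed LAN address of the server
FWD_PORTS=80,25,21,110               # HTTP, SMTP, FTP, POP3 forwarded to SERVER
OUT_PORTS=80,443,21,6667             # www, ftp control, irc for LAN clients

# Print the rules; run "$0 apply" as root to load them.
gen_rules() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
modprobe nf_conntrack_ftp
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -P INPUT DROP; iptables -P OUTPUT DROP; iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Replies and RELATED flows (FTP data) pass; the client side uses an ephemeral port
iptables -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $LAN -j ACCEPT
# LAN PC -> Internet: allow new connections to the service ports, then NAT them
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -p tcp -m multiport --dports $OUT_PORTS -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $LAN -o $WAN -s $LAN_NET -p udp --dport 53 -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -s $LAN_NET -j MASQUERADE
# mangle PREROUTING runs before nat PREROUTING, so the log records the public
# destination, not the LAN address that DNAT writes into the packet afterwards
iptables -t mangle -A PREROUTING -i $WAN -p tcp -m multiport ! --dports $FWD_PORTS -m conntrack --ctstate NEW -j LOG --log-prefix "unforwarded: "
iptables -t nat -A PREROUTING -i $WAN -p tcp -m multiport --dports $FWD_PORTS -j DNAT --to-destination $SERVER
# filter FORWARD is reached only after nat PREROUTING has rewritten the destination
iptables -A FORWARD -i $WAN -o $LAN -d $SERVER -p tcp -m multiport --dports $FWD_PORTS -m conntrack --ctstate NEW -j ACCEPT
# Everything else from the Internet gets a reset/unreachable instead of a silent drop
iptables -A FORWARD -i $WAN -p tcp -j REJECT --reject-with tcp-reset
iptables -A FORWARD -i $WAN -j REJECT
iptables -A INPUT -i $WAN -j REJECT
EOF
}

# Number of iptables command lines emitted (used as a sanity check)
rule_count() { gen_rules | grep -c '^iptables'; }

if [ "${1:-}" = apply ]; then gen_rules | sh; fi
```

The router's own outbound traffic is limited to the LAN here; add OUTPUT rules for the firewall host itself if it needs to reach the Internet directly.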

