LINUX - Life in the console IS!!! Configuring iptables firewall on the server acting as the Internet gateway

11 january 2017, 08:03

This article is not quite finalized; the configuration is still being tested.

At one point I needed to set up the firewall on a Linux server that would act as the Internet gateway and more. The main tasks:

- block employees' access to certain sites (social networks and others) without blocking them for management.
- block ICQ chat for employees while leaving access for management.
- deny network access to other potentially unwanted applications.
- set up port forwarding so that the IT department can connect to their work computers from the external network.
- allow access to the server from outside for administration over ssh.
- open port 80 from outside for access to a future website.
- open ports 25 and 110 from outside for the mail server.
- separately open everything the IT department will need.

As a result, employees have only ports 80 (http), 443 (https) and 53 (dns) open to the external network, with VKontakte and the like blocked. ICQ will not work, since it uses other ports, primarily 5190.

To implement these tasks we will use iptables, the command-line utility that is the standard interface for managing the netfilter firewall in Linux kernel versions 2.4 and 2.6. After a day of exploring, I ended up with a fairly simple setup script, probably not without drawbacks, but it works. I will not copy-paste the theory here, there is a sea of it online; comments below are much appreciated.

Let's get started. If iptables is not installed, install it:

    sudo su
    apt-get install iptables

Create the setup script and give it execute rights:

    touch
    chmod +x

Create two text files: one holds the VIP list of IP addresses for which all sites are available, the other the list of banned sites.

    touch sbd.txt
    touch ipbd.txt

and fill them in:

    nano sbd.txt

and so on...

    nano ipbd.txt

etc.

Next, the script settings. In this setup the local network is on network adapter eth1, and the external network adapter is eth0.

    nano

    #!/bin/bash
    # Variables
    # external IP of the server and external network interface
    INETIP1=
    INETIFACE1=eth0
    # internal IP of the server and internal network interface
    LANIP=
    LANIFACE=eth1
    # internal network
    LANRANGE=
    # loopback network interface and IP
    LOIFACE=lo
    LOIP=
    # IP address in the LAN to which the forwarding is done
    IPFORW1=
    # external port
    PORTV1=3389
    # internal port
    PORTI1=3389
    PRTCL1=tcp
    IPFORW2=
    # external port
    PORTV2=3489
    # internal port
    PORTI2=3389
    PRTCL2=tcp
    ip=iptables
    # path to the text file containing the list of banned sites
    badsite=$(cat /home/virtdiver/sbd.txt)
    # path to the text file containing the list of IPs for which all sites are open
    goodip=$(cat /home/virtdiver/ipbd.txt)
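One way the forwarding policy described above could be expressed with these variables, shown as a dry run that prints the rules instead of applying them. This is an added example, not the author's script; the LAN range, the addresses and the list entries are constructed sample values standing in for the ones missing from the page.

```bash
#!/bin/bash
# Added example: prints (does not apply) FORWARD and NAT rules for the policy.
INETIFACE1=eth0              # external interface (from the article)
LANIFACE=eth1                # internal interface (from the article)
LANRANGE=192.168.0.0/24      # assumed LAN range (constructed)
IPFORW2=192.168.0.20         # assumed IT workstation (constructed)
PORTV2=3489; PORTI2=3389; PRTCL2=tcp
goodip="192.168.0.10 192.168.0.11"          # constructed, stands in for ipbd.txt
badsite="blocked.example social.example"    # constructed, stands in for sbd.txt
ip="echo iptables"           # dry run; set ip=iptables and run as root to apply

gen_rules() {
  # Default-deny forwarding, then let replies to permitted connections back in.
  $ip -P FORWARD DROP
  $ip -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # VIP addresses go first: they are accepted before any site block is reached.
  for a in $goodip; do
    $ip -A FORWARD -i "$LANIFACE" -o "$INETIFACE1" -s "$a" -j ACCEPT
  done
  # Banned sites for everyone else. iptables resolves a host name once, when
  # the rule is added, so sites with changing addresses need periodic reloads.
  for s in $badsite; do
    $ip -A FORWARD -i "$LANIFACE" -s "$LANRANGE" -d "$s" -j REJECT
  done
  # Ordinary employees: http, https and dns only. Everything else, including
  # ICQ's usual port, matches no rule and falls through to the DROP policy.
  $ip -A FORWARD -i "$LANIFACE" -o "$INETIFACE1" -s "$LANRANGE" \
      -p tcp -m multiport --dports 80,443 -j ACCEPT
  $ip -A FORWARD -i "$LANIFACE" -o "$INETIFACE1" -s "$LANRANGE" \
      -p udp --dport 53 -j ACCEPT
  $ip -A FORWARD -i "$LANIFACE" -o "$INETIFACE1" -s "$LANRANGE" \
      -p tcp --dport 53 -j ACCEPT
  # Port forward: external PORTV2 to the workstation's PORTI2. The FORWARD rule
  # matches the internal port because DNAT has already rewritten the packet.
  $ip -t nat -A PREROUTING -i "$INETIFACE1" -p "$PRTCL2" --dport "$PORTV2" \
      -j DNAT --to-destination "$IPFORW2:$PORTI2"
  $ip -A FORWARD -i "$INETIFACE1" -o "$LANIFACE" -d "$IPFORW2" \
      -p "$PRTCL2" --dport "$PORTI2" -j ACCEPT
  # Source NAT for LAN traffic leaving through the external interface.
  $ip -t nat -A POSTROUTING -o "$INETIFACE1" -s "$LANRANGE" -j MASQUERADE
}

gen_rules
```

Rule order carries the policy here: moving the VIP loop below the site blocks would apply the bans to management as well.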
