IPtable - firewall setup

yoda · 10 Nov 2007 at 23:28

I'm installing a hardened linux server to sit between me and the internet...
I've got a router with firewall but I don't trust it enough....

I'm also wanting my server to run squid and named (dns proxy)

it has two network cards, eth0 - internal (green zone) and eth1 - DMZ (yellow zone)

Basically, the network after my router I'm calling my DMZ since I may decided to host LAMP server or two...

Green zone will be a 10.X.X.X network
Yellow zone will be 192.168.1.X network

Does anyone have any info on how to configure iptables to do this?
Or, even better if their is software with a txt based interface....

server is NOT running a GUI and I will not be installing one...

Thanks

QuantumXP · 11 Nov 2007 at 23:13

You would be better using an old pc running monowall or smoothwall to protect your LAN. Then use that to only allow remote access to the server.

DRZ · 15 Nov 2007 at 02:31

Webmin will let you configure iptables rules relatively painlessly, although the latest version seems to have a few bugs in a couple of the modules.

whitecrook · 15 Nov 2007 at 19:10

You could use wonderswan or something. Damn I've googled for 5 mins but I can't remember then proper name.

It's a script that reads in your requirements and generates the IPTABLEs script.

WonderSwan, Swanfilter, or something. But there also seems to be loads of scripts on the net I found when looking.

<edit> Shorewall, that's the one - it seems quite popular. It has an 'S' in

Loads of links here at the bottom http://en.wikipedia.org/wiki/Iptables
http://en.wikipedia.org/wiki/Shorewall