The Linux and Open Source Community Website


need suggestion on FIREWALL

Pinakin Bhatt — Wed, 02/22/2012 - 11:39

Hi all,

I need your best suggestion. I have one gateway server (RHEL 5) and have configured a transparent proxy.

Now my requirements are as under:

1) I want to block all traffic from the WAN side to the LAN (not a single port should be open).

2) Only the HTTP, HTTPS and FTP ports should be open from LAN to WAN.

3) Nobody should be able to attack my gateway server, or attack any hidden port.

Let me know your valuable suggestions.

--
Please read http://www.catb.org/~esr/faqs/smart-questions.html before posting.
You received this message because you are subscribed to the "Vibrant GNU/Linux User Group".
To stop receiving emails from this group, mail to VGLUG+unsubscribe@googlegroups.com
To post to this group, send email to VGLUG@googlegroups.com
For more options, visit this group at http://groups.google.com/group/VGLUG


need suggestion on FIREWALL

pngmor — Mon, 02/27/2012 - 14:30

If you have a Cisco router, you can do that.

If you don't have a Cisco router/firewall, you can still do it with iptables/proxy server.

Just allow only your required services/ports in the proxy server and iptables.

By default, WAN to LAN is restricted.

OK, bye.

On 2/22/12, Pinakin Bhatt wrote:
> Hi all,
>
> I need your best suggestion. I have one gateway server (RHEL 5) and have
> configured a transparent proxy.
>
> Now my requirements are as under:
>
> 1) I want to block all traffic from the WAN side to the LAN (not a single
> port should be open).
>
> 2) Only the HTTP, HTTPS and FTP ports should be open from LAN to WAN.
>
> 3) Nobody should be able to attack my gateway server, or attack any hidden
> port.
>
> Let me know your valuable suggestions.

need suggestion on FIREWALL

ElectroMech — Wed, 02/22/2012 - 21:30

Hi,

> I need your best suggestion. I have one gateway server (RHEL 5) and have configured a transparent proxy.
>
> Now my requirements are as under:
>
> 1) I want to block all traffic from the WAN side to the LAN (not a single port should be open).
>
> 2) Only the HTTP, HTTPS and FTP ports should be open from LAN to WAN.
>
> 3) Nobody should be able to attack my gateway server, or attack any hidden port.

Mostly you can rely on the iptables firewall.

You need to stick to some basic rules.

If you do not want your IP to be scanned, then you need to block nmap requests.

Or if you want a ready-made solution, try pfSense.

Thanks and Regards.

--
Nilesh Vaghela
(RHCSA RHCE)
ElectroMech Corporation
Redhat Channel Partner and Training Partner
404, Maulik arcade, Above Karnavati Pagarakha Bazar,
Nr. Mansi cross Road,
Satellite Rd, Ahmedabad

25, The Emperor, Fatehgunj, Baroda.
www.electromech.info

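The three requirements from the opening post, worked into one iptables ruleset. This is an added example, not written by any poster in this thread. Assumptions: the interface names are passed as arguments, the transparent proxy listens on port 3128 (Squid's default), and SSH administration is allowed from the LAN only.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for
# the gateway described above. Assumptions: interface names are passed in,
# the transparent proxy listens on 3128 (Squid's default), admin SSH from LAN.
gen_gateway_rules() {
    gw_wan=$1; gw_lan=$2; gw_proxy=${3:-3128}
    # Reject missing, identical or unsafe interface names and bad ports, so a
    # typo cannot turn into a malformed or over-permissive rule.
    [ -n "$gw_wan" ] && [ -n "$gw_lan" ] && [ "$gw_wan" != "$gw_lan" ] || return 1
    case "$gw_wan$gw_lan" in *[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$gw_proxy" in ''|*[!0-9]*) return 1 ;; esac
    [ "$gw_proxy" -ge 1 ] && [ "$gw_proxy" -le 65535 ] || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN web traffic is handed to the local transparent proxy.
-A PREROUTING -i $gw_lan -p tcp --dport 80 -j REDIRECT --to-ports $gw_proxy
-A POSTROUTING -o $gw_wan -j MASQUERADE
COMMIT
*filter
# Requirements 1 and 3: default-drop; no rule accepts NEW traffic from WAN.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $gw_lan -p tcp --dport $gw_proxy -m state --state NEW -j ACCEPT
-A INPUT -i $gw_lan -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Requirement 2: HTTPS and FTP control are forwarded; HTTP goes via the proxy.
# FTP data channels match RELATED only if the FTP conntrack helper is loaded.
# DNS is not forwarded: clients need a resolver reachable on the LAN.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $gw_lan -o $gw_wan -p tcp -m multiport --dports 21,443 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: sh gateway-rules.sh <wan-if> <lan-if> [proxy-port]
if [ "$#" -ge 2 ]; then gen_gateway_rules "$@"; fi
```

Review the printed rules before loading them with `iptables-restore`, and do so from a console session, since the default-drop policy cuts off any remote session that the rules do not cover.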
