iptables question.

Discussion in 'Server Security' started by nondescriptcitizens, Dec 3, 2012.

  1. nondescriptcitizens

    nondescriptcitizens New Member

    I am setting up a new squid daemon to run on my server. I want to make sure that everyone inside my network can access squid but I want to make sure everyone on the internet is blocked.

    eth0 is connected to my internal LAN via: 192.168.0.5/255.255.255.0
    eth1 is connected to the internet via: 1.1.1.1/255.255.255.248
    Squid listens on port 3124

    So far I have the following script for my iptables.

    iptables -F
    iptables -t nat -F
    iptables -X
    iptables -P FORWARD DROP
    iptables -P INPUT DROP
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -p tcp --dport 3124 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    Is this correct? Will this allow all my LAN users access to squid while blocking outward attempts from the net to my server?

    Thanks in advance!

    -Ash

  2. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    You might want to include the specific interfaces. For example:
    iptables -A INPUT -i eth0 -p tcp --dport 3124 -j ACCEPT

    From man iptables:

        -i, --in-interface name
            Name of an interface via which a packet was received

        -o, --out-interface name
            Name of an interface via which a packet is going to be sent
    ufw MIGHT be easier...
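Putting that suggestion into a complete ruleset, as an added example that is not code from either post: it keeps the interface names and squid port from the question (eth0 = LAN, eth1 = internet, tcp/3124), scopes the squid and ssh rules to eth0 with -i, and leaves port 80 open on both sides as the original script did. The commands are generated as text by gen_rules so the logic can be inspected (and tested) without root; apply_rules pipes them into sh. The LOG rule on eth1 and the port_closed_on_wan helper are my additions, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed from the question:
# eth0 is the LAN side, eth1 the internet side, squid listens on tcp/3124.
LAN_IF=eth0
WAN_IF=eth1
SQUID_PORT=3124

# Print the ruleset instead of applying it, so it can be reviewed first.
gen_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# loopback, and replies to connections this host opened itself
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# squid and ssh only from the LAN interface; without -i these would be
# reachable from the internet as well
iptables -A INPUT -i $LAN_IF -p tcp --dport $SQUID_PORT -j ACCEPT
iptables -A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
# web server stays reachable from both sides, as in the original script
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# everything else on the internet side falls through to the DROP policy;
# log a rate-limited sample of it (my addition, not in the thread)
iptables -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix "WAN-DROP: "
EOF
}

# Returns 0 when no generated ACCEPT rule for TCP port $1 could match a packet
# arriving on the internet side, i.e. every rule for that port carries -i eth0.
port_closed_on_wan() {
    ! gen_rules | grep -v "^#" | grep -E -- "--dport $1 " | grep -qv -- "-i $LAN_IF "
}

apply_rules() { gen_rules | sh; }

# ./rules.sh        -> only prints nothing / defines functions
# ./rules.sh apply  -> loads the rules (needs root)
case "${1:-}" in
    apply) apply_rules ;;
esac
```

Before running `apply`, check which interface your own ssh session arrives on: with port 22 scoped to eth0, a session coming in over eth1 is cut off as soon as the DROP policy is set. The state rule is placed before the port rules so that already-established sessions keep flowing while the rest of the script loads.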
  3. Cristal Skull

    Cristal Skull Member
