Iptables firewall configuration instance description

Source: Internet
Author: User
The purpose of this iptables configuration is twofold: to block intrusion from the public Internet, and to let the machines on the intranet reach the Internet through this host. Before iptables is configured, only the local machine can access the Internet.
There is a "Security Level" item under "System Settings" in Red Hat 8.0 (RH8.0). It is aimed only at the local machine and cannot be used to configure iptables as a gateway, so open "Security Level" and set it to the "No firewall" level.
For ease of configuration and testing, write the rules as a script in "KWrite" and copy and paste all of its statements into the terminal for execution. That makes it easy to modify and re-test.
Open KWrite under "Others" -> "Accessories" and type or paste the following sample into it (eth0 is the external NIC and eth1 the internal one):
#!/bin/sh
echo "Enable IP Forwarding ..."
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Starting iptables rules ..."
/sbin/modprobe iptable_filter
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp          # supports passive FTP
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_h323   # support for NetMeeting
/sbin/modprobe ip_nat_h323
# flush the existing rules
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat
# default policies: drop anything not explicitly accepted into or through the box
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# masquerade the intranet behind the external interface
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
# note: on Red Hat the init script's restart reloads /etc/sysconfig/iptables,
# so save the rules ("service iptables save") first or they are replaced
/etc/rc.d/init.d/iptables restart
iptables -L
Save it as a file and put it on the desktop for ease of use.
In this configuration, the default policy of both the INPUT and FORWARD chains is DROP, which means that any INPUT or FORWARD packet not explicitly accepted by a rule is discarded. This is the safest mode: in online tests with Symantec's scanner, all public-facing ports showed as hidden. Note, however, that all ports are open toward the intranet, so the local machine is not protected from the inside.
The other statements are not discussed here. The last line displays the resulting rule set after the configuration has been applied.
After each modification, copy the whole script and paste it into the terminal; the rules are applied, the service is started and the result is displayed in one go. Modify and test until the result meets your requirements.
Finally, copy all the statements and paste them at the end of the "/etc/rc.d/rc.local" file, so the configuration is applied automatically at boot.
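As an added example (not part of the original page or its author's script), the following script builds the same eth0/eth1 NAT gateway but addresses the caveat above: instead of accepting everything that arrives on eth1, the LAN-facing INPUT chain only admits the services the gateway itself offers. The LAN subnet, interface names and the assumed service ports (DNS and SSH) are parameters; by default the script prints the iptables commands it would run, and executes them only when APPLY=1 is set as root:

```shell
#!/bin/sh
# Added example, not the page's own script. Same gateway layout as the page
# (eth0 external, eth1 internal, 192.168.0.0/24 behind MASQUERADE), but the
# blanket "-i eth1 -j ACCEPT" is replaced by per-service rules.
# Dry run by default: the commands are echoed. APPLY=1 executes them
# (needs root and iptables). Ports 22 and 53 are assumed gateway services.
set -eu

WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.0.0/24}
LAN_TCP_PORTS=${LAN_TCP_PORTS:-22,53}   # assumed: SSH and DNS over TCP
LAN_UDP_PORTS=${LAN_UDP_PORTS:-53}      # assumed: DNS over UDP

if [ "${APPLY:-0}" = 1 ]; then
    IPT=iptables
else
    IPT="echo iptables"
fi

enable_forwarding() {
    if [ "${APPLY:-0}" = 1 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    fi
}

gateway_rules() {
    # Flush the chains the page's script touches.
    $IPT -F INPUT
    $IPT -F FORWARD
    $IPT -F OUTPUT
    $IPT -t nat -F POSTROUTING
    $IPT -t nat -F PREROUTING

    # Default deny into and through the box, as on the page.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections the gateway itself opened, on any interface.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN access narrowed to the listed services and to the LAN subnet only.
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp -m multiport --dports "$LAN_TCP_PORTS" -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp -m multiport --dports "$LAN_UDP_PORTS" -j ACCEPT

    # Forwarding: LAN hosts may go out; only return traffic comes back in.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Number of INPUT rules that admit traffic from the LAN interface.
count_lan_input_rules() {
    gateway_rules | grep -c -- "-A INPUT -i $LAN_IF"
}

# True if the generated rules still contain the page's blanket LAN accept.
has_blanket_lan_accept() {
    gateway_rules | grep -q -- "-A INPUT -i $LAN_IF -j ACCEPT"
}

enable_forwarding
gateway_rules
```

Run it once without APPLY to review the generated commands, then with `APPLY=1` to load them; the two helper functions let you confirm, before applying, that LAN access is limited to the two per-service rules and that no interface-wide accept remains.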