Setting up a firewall on a Linux proxy server

Source: Internet
Author: User
Tags ftp log firewall linux

In general, there are two strategies for implementing a Linux firewall. The first is to deny all input, output and forwarded packets by default, then open each service one at a time according to the user's specific needs. This approach is highly secure, but it must account for every service the user requires, without omission, so the system administrator must know exactly which services and ports are needed to implement each function. The second is to accept all input and output packets by default and then deny specific dangerous packets, such as IP spoofing packets, broadcast packets and ICMP service-type attacks; application-layer services such as HTTP, SendMail, POP3 and FTP can be selectively started or installed. This approach, though not as secure as the first, is easier to configure, and you can set up a basic firewall without learning the details of the ipchains command.

The proxy server I manage is an IBM Netfinity 3000 running Red Hat Linux 6.2 and squid-2.3. It has two network cards: the external card is eth0 (211.98.126.180) and the internal card is eth1 (192.168.0.1). The client IP addresses are 192.168.0.xxx. The firewall is set up according to the second method, as follows:

After installing the system, log in as root and use vi to create a script called firewall.rules in the /etc/rc.d/ directory. Once it is created, run chmod 755 firewall.rules to make it executable. Then open /etc/rc.d/rc.local with vi and add the line /etc/rc.d/firewall.rules, so that the firewall rules are applied every time the machine starts.

The contents of the firewall.rules file are omitted here.

If your machine has only one network card and connects to the Internet through a dial-up modem, the network card connected to the intranet should be eth0, with an IP address such as 192.168.0.1, and the external interface is ppp0; you only need to change eth0 to ppp0 in the firewall.rules file. After the firewall rules above are set, you can disable all unneeded services in /etc/inetd.conf, keeping only FTP and Telnet, and set up /etc/hosts.allow and /etc/hosts.deny so that only certain internal administrative users can log on to the firewall. The above method runs successfully in the author's environment, and solves the problem of Outlook Express sending and receiving mail.
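Since the author's firewall.rules is omitted, here is an added sketch of the second strategy; it is not the author's script. The function name `emit_rules`, the choice of denied source ranges, the ICMP redirect rule and the masquerading of client traffic are assumptions. It prints the ipchains commands instead of running them, with the external interface as a parameter so the eth0-to-ppp0 switch is a single argument.

```shell
#!/bin/sh
# Added example, NOT the author's omitted firewall.rules.
# Prints (does not execute) ipchains commands for the "accept by default,
# then deny known-bad packets" strategy. Review the output, then pipe it
# to sh as root to apply it.

# emit_rules EXT_IF INT_NET   (hypothetical helper)
#   EXT_IF  - Internet-facing interface: eth0 on the two-card server,
#             ppp0 on the dial-up variant
#   INT_NET - internal client network, 192.168.0.0/24 on this page
emit_rules() {
    ext_if=$1
    int_net=$2

    # Clean state, permissive input/output defaults (strategy two).
    echo "ipchains -F"
    echo "ipchains -P input ACCEPT"
    echo "ipchains -P output ACCEPT"
    # Forward nothing except the masqueraded client traffic added below.
    echo "ipchains -P forward DENY"

    # IP spoofing: packets arriving from outside that claim an internal,
    # loopback or private source address. -l logs every match.
    for src in "$int_net" 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12; do
        echo "ipchains -A input -i $ext_if -s $src -j DENY -l"
    done

    # Broadcast packets arriving on the external interface.
    echo "ipchains -A input -i $ext_if -d 255.255.255.255 -j DENY"

    # ICMP redirects from outside could rewrite the proxy's routing.
    echo "ipchains -A input -i $ext_if -p icmp --icmp-type redirect -j DENY -l"

    # Assumption: clients reach non-proxied services (such as mail)
    # through masquerading on the external interface.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    echo "ipchains -A forward -s $int_net -i $ext_if -j MASQ"
}

# Defaults match the two-card server described on this page.
emit_rules "${1:-eth0}" "${2:-192.168.0.0/24}"
```

For the dial-up layout, call it as `emit_rules ppp0 192.168.0.0/24`.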


