Setting up a firewall _unix Linux on a Linux proxy server
Source: Internet
Author: User
In general, there are two strategies for implementing Linux firewall functionality. One is to completely prohibit all input, output and forwarding packets, and then gradually open each service function according to the user's specific needs. This approach is characterized by a high degree of security, but must take into account all the service features required by the user, without any omission, requiring the system administrator to be aware of what services and ports are needed to implement a service and function. The second way is to open all input and output packets by default, and then to prohibit certain dangerous packets, IP spoofing packets, broadcast packets, ICMP service type attacks, etc., for application-tier services, such as HTTP, SendMail, POP3, FTP, etc., can be selectively launched or installed. This approach, although not the first way to be secure, is easier to configure and can be configured with a basic firewall system without much understanding of the details of the IPChains command.
I manage the proxy server is IBM's Netfinity3000, installed Redhat Linux 6.2, squid-2.3, has two network card, external network card for eth0 (211.98.126.180), internal network card for eth1 (192.168.0.1 ), the IP address of the client is 192.168.0.xxx. A firewall is set up according to the second method, as follows:
After installing the system, log in as root, and create a script with VI in the/etc/rc.d/directory called Firewall.rules; after the creation is complete, execute the command chmod 755 firewall.rules, make sure it is an executable file, and then use VI to open/ etc/rc.d/rc.local file, join a line of/etc/rc.d/firewall.rules to ensure that every time the machine is started, the set of firewall rules can be executed.
The contents of the Firewall.rules file are slightly.
If your machine has only one network card, through modem dial-up Internet connection, then the network card connected to the intranet should be the ETH0,IP address may be 192.168.0.1, the external interface is PPP0, you only need to firewall.rules file content eth0 to ppp0. After you set up the above firewall rules, you can disable all unwanted services in/etc/inetd.conf, only FTP and Telnet, and set up/etc/hosts.allow and/etc/ Hosts.deny, only certain administrative users within it are allowed to log on to the firewall. The above method runs successfully in the author's environment, and solves the problem that Outlook Express sends and receives mail.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.