How to set iptables rules in centos

-
The rules we used for firewall 2 were:
Stop all incoming traffic using the following command:

iptables -P INPUT DROP

Allow SSH session to firewall 2 by using the following command:

iptables -A INPUT -p tcp --dport 22 -s 0/0 -j ACCEPT

Allow ICMP traffic to firewall 2 by using the following command:

iptables -A INPUT -p icmp -j ACCEPT

Allow all related and established traffic for firewall 2 by using the following command:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Stop all forwarding by using the following command:

iptables -P FORWARD DROP

Allow forwarding of TCP traffic on IP interface 172.110.60.0 (client) port 80 (HTTP) and port 443 (HTTPS) to go to 192.168.40.95 (webApp.secure) by using the following commands:

iptables -A FORWARD -p tcp --dport 80 -s 172.110.60.0 /24 -d 192.168.40.95 -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -s 172.110.60.0 /24 -d 192.168.40.95 -j ACCEPT

Allow forwarding of ICMP traffic by using the following command:

iptables -A FORWARD -p icmp -j ACCEPT

Allow forwarding of all related and established traffic by using the following command:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

Allow output traffic for ICMP by using the following command:

iptables -A OUTPUT -p icmp -j ACCEPT

Firewall 1
The rules we used for firewall 1 were:
Stop all incoming traffic by using the following command:

iptables -P INPUT DROP

Allow SSH session to firewall 1 by using the following command:

iptables -A INPUT -p tcp --dport 22 -s 0/0 -j ACCEPT

Allow ICMP traffic to firewall 1 by using the following command:

iptables -A INPUT -p icmp -j ACCEPT

Allow all related and established traffic for firewall 1 by using the following command:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Stop all forwarding by using the following command:

iptables -P FORWARD DROP

Allow forwarding of TCP traffic on interface 192.168.40.0 (guest LAN) to go to 172.110.60.10 (webserver2) by using the following command:

iptables -A FORWARD -p tcp -i hsi1 -o hsi2 -d 172.110.60.10 -j ACCEPT

Allow forwarding of ICMP traffic by using the following command:

iptables -A FORWARD -p icmp -j ACCEPT

Allow forwarding of all related and established traffic by using the following command:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

Allow output traffic for ICMP by using the following command:

iptables -A OUTPUT -p icmp -j ACCEPT

Comments

Post a Comment

Popular Posts

Install and configure rsyslog Centralized logging server in CentOS

-
 Install and configure rsyslog Centralized logging server in CentOS 6.5 In this tutorial we will learn, how to install and configure rsyslog 7.6 version on RHEL 6.5/CentOS 6.5 .The scenario is, install and setup rsyslog Centralized Logging Server in RHEL/CentOS 6.5. All the logs from client servers will be sent to Centralized logging server i.e rsyslog server. Check Pre-installed rsyslog package Step 1: First of all check the rsyslog package is installed in your system.Generally by-default we get rsyslog version 5.x , after minimal installation of CentOS 6.x / RHEL 6.x We will install the latest rsyslog package. At the time of writing this post, rsyslog stable version 7.6 was available. You can find the latest package information from rsyslog official website Note: By default, RHEL 6.x and CentOS 6.x has rsyslog version 5.x. So here we will update the rsyslog with new version. You can get the rsyslog version information, by using below given two commands rpm -qa|grep rsy...
Read more

Connecting to Your Linux Instance from Windows Using PuTTY

-
Image
1.     To generate an RSA key pair to work with version 2 of the protocol, type the following command at a shell prompt: 2.   ssh-keygen -t rsa [pravesh@localhost ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/pravesh/.ssh/id_rsa): pravesh Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in pravesh. Your public key has been saved in pravesh.pub. The key fingerprint is: ed:5e:fb:5d:87:a2:12:ac:5d:98:1c:59:df:e3:81:1a pravesh@localhost.localdomain The key's randomart image is: +--[ RSA 2048]----+ |                 | |          .      | |         o . o   | |        o.E o +  | | ...
Read more

How to fix postfix/smtp Network is unreachable error

-
While configuration postfix authentication getting the error status=deferred (delivery temporarily suspended: connect to smtp.office365.com[2603:1026:3:ca::2]:587: Network is unreachable) its because of you were not using IPv6/ wrong settings for ipv6. You can either use IPv4, or correct your IPv6 settings. [root@mailserver postfix]# netstat -nutlap | grep 25 tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      3956/master tcp        0      0 127.0.0.1:38442         127.0.0.1:3306          ESTABLISHED 2596/httpd [root@mailserver postfix]# vi /etc/postfix/main.cf [root@mailserver...
Read more