Loading
Starting a Linux Firewall from Scratch
The first steps in getting started with iptables.
______________________
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- Using Salt Stack and Vagrant for Drupal Development
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- New Products
- Drupal Is a Framework: Why Everyone Needs to Understand This
- Validate an E-Mail Address with PHP, the Right Way
- A Topic for Discussion - Open Source Feature-Richness?
- New Products
- New Products
- Home, My Backup Data Center
- The Pari Package On Linux
- This is the easiest tutorial
3 hours 32 min ago - Ahh, the Koolaid.
9 hours 11 min ago - git-annex assistant
15 hours 10 min ago - direct cable connection
15 hours 33 min ago - Agreed on AirDroid. With my
15 hours 43 min ago - I just learned this
15 hours 47 min ago - enterprise
16 hours 17 min ago - not living upto the mobile revolution
19 hours 9 min ago - Deceptive Advertising and
19 hours 44 min ago - Let\'s declare that you have
19 hours 45 min ago
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
Comments
error
ther eis probably a mistake in the file:
/sbin/iptables -A FORWARD -m state --state \
I will try to get my head
I will try to get my head around this and code my own little thing soon i think. Johnston @ webwurzel.de
It would work but not well setup.
The method of setting up this firewall would probably work fine, but for a beginner's guide to setting up a firewall I think that this glossed over too many details and outright left some unanswered.
It looks like the author set up this firewall in this manner because he didn't have access to the router. Why else would you setup proxy arp instead of just routing the protected network to the firewall? He also refers to the untrusted segment of his network as public network, and then mentions that for some that would be the Internet. He used non-routable IP space behind his firewall but then didn't mention that if you also did this you would need to do NAT.
I like the article because it explained how to set up a Linux box to be a firewall with needing to install a GUI for it, but I think that it used a poor example for what a typical network layout would be.
Clarifications
Yes, I did forget to mention the connection to the outside world properly. It can be either through a server with a global address running a squid, or even some technique using NAT - Sorry that I missed these points.
I was majorly referring to a large campus-kind-of network where one would like to protect his/her smaller LAN.
Excellent Writeup on IPTables
Divakaran this is a very good write up on iptables,Good and very practical example for a small setup.
Is it possible to expand this article and to add transparent proxy server using squid , as in a small setup its very common to have a linux Router/Gateway with proxy server.
Thanks
Austin
Thanks. I should have added
Thanks.
I should have added those details here; I will try to come up with another one, as and when time permits.