linux
ninja5plus, 2014-11-06 09:58:03

How to set up a secure gateway on Linux Ubuntu?

Hello everyone,
I'm taking my first steps in learning Linux.
The task is to configure a gateway on Linux Ubuntu 14.04.1 LTS.
I want to build the network protection on the principle "whatever is not allowed is forbidden".
The server acts as gateway + NAT + firewall for the local network.
eth0 faces the Internet, eth1 the local network (192.168.0.0/24).
IP address on eth0: 192.168.136.129
IP address on eth1: 192.168.0.1
pc1 (192.168.0.2) - must have its Internet access blocked.
pc2 (192.168.0.3) - port 3389 must be forwarded to it.
pc3 (192.168.0.4) - port 3390 must be forwarded to it.
System settings:
1. Network

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet dhcp

# eth1 - local
auto eth1
iface eth1 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    pre-up iptables-restore < /etc/firewall.conf

2. Enabled IP forwarding
net.ipv4.ip_forward = 1
3. iptables-save output
*filter
:INPUT DROP [608:26735]
:FORWARD DROP [0:0]
:OUTPUT DROP [261:35404]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth1 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.2/32 -i eth1 -j DROP
-A FORWARD -s 192.168.0.2/32 -i eth0 -j DROP
-A FORWARD -s 192.168.0.0/24 -i eth1 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -i eth0 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [905:67641]
:INPUT ACCEPT [1:52]
:OUTPUT ACCEPT [110:25072]
:POSTROUTING ACCEPT [8:480]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

Please help me with the port forwarding rules for pc2 and pc3, and check the general rules for errors.
Upd2. Added port forwarding rules for pc2 and pc3:
iptables -t nat -I PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.0.3:3389
iptables -I FORWARD -p tcp --dport 3389 --destination 192.168.0.3 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 3390 -j DNAT --to 192.168.0.4:3390
iptables -I FORWARD -p tcp --dport 3390 --destination 192.168.0.4 -j ACCEPT

What system settings should be made to secure the server?
Thank you!


2 answer(s)
brutal_lobster, 2014-11-06

Read an iptables tutorial - specifically the order in which rules/chains are applied and where. It's not hard - you'll grasp the process right away)
I like this one: www.amazon.com/Linux-iptables-Pocket-Reference-Gre...
And start with something simpler - play around, open/close ports, get a feel for the nat table.
The default DROP policy is good, but you can accidentally lock yourself out) Better to put a drop-all rule at the end of the chains instead.
And to forward a port you need not only to change the destination address (-j DNAT) but also to allow forwarding of the packets in question.
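An added example, not from the original thread: a corrected /etc/firewall.conf for the questioner's layout (eth0 = Internet, eth1 = LAN 192.168.0.0/24) that applies the answer's points - rule order decides, DNAT needs a matching FORWARD rule, and a default DROP must leave the gateway's own traffic explicitly allowed. It assumes the conntrack match is available (it is on Ubuntu 14.04's iptables); the LAN-only SSH rule, the gateway's DNS/HTTP(S) egress rules and the anti-spoofing rules are my additions, not part of the question.

```shell
# Added example (not from the original thread): a corrected /etc/firewall.conf for the
# questioner's layout, printed by fw_rules in iptables-restore format.
WAN=eth0 LAN=eth1 LAN_NET=192.168.0.0/24
PC1=192.168.0.2 PC2=192.168.0.3 PC3=192.168.0.4   # pc1: no Internet; pc2/pc3: forwarded ports

fw_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Anti-spoofing: packets from the Internet side may not carry a LAN source address.
-A INPUT -i $WAN -s $LAN_NET -j DROP
-A FORWARD -i $WAN -s $LAN_NET -j DROP
# pc1 is cut off before any accept rule; the order of rules decides, as the answer says.
-A FORWARD -i $LAN -s $PC1 -j DROP
# Replies to tracked connections (RELATED also admits ICMP errors for them).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Administer the gateway from the LAN only (assumption); SSH is not exposed on eth0.
-A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# The gateway itself needs DNS and package updates; the question's OUTPUT DROP blocked these.
-A OUTPUT -o $WAN -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $WAN -p tcp -m multiport --dports 53,80,443 -j ACCEPT
# LAN hosts may open new connections to the Internet.
-A FORWARD -i $LAN -s $LAN_NET -o $WAN -m conntrack --ctstate NEW -j ACCEPT
# DNAT only rewrites the address; FORWARD must still admit the new connection.
-A FORWARD -i $WAN -o $LAN -d $PC2 -p tcp --dport 3389 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $WAN -o $LAN -d $PC3 -p tcp --dport 3390 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Redirect only packets arriving on the Internet side.
-A PREROUTING -i $WAN -p tcp --dport 3389 -j DNAT --to-destination $PC2:3389
-A PREROUTING -i $WAN -p tcp --dport 3390 -j DNAT --to-destination $PC3:3390
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
EOF
}

# Run as "sh fw.sh print > /etc/firewall.conf", then "iptables-restore < /etc/firewall.conf".
if [ "${1:-}" = print ]; then fw_rules; fi
```

iptables-restore ignores full-line # comments, so the file can be loaded unchanged by the pre-up line in the interfaces file from the question.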

ninja5plus, 2014-11-06

UPD1: Switched to version 14.04.1 LTS.
