Firewalling help needed

[qeldroma]

Hello,

i got a server which servs X-Sessions, right, a terminal server.

This one is directly connected to DSL via ethernet.

 

This server got two NIC, one to dsl, one to LAN. I only wanted to set three or four ports beeing open on the ppp0-device, but didn'T find out how to handle.

Every iptables-based firewall is far to complex for my needs. I just want him to allowe three or four ports in and out on the ppp-device, that's all.

Reading manuals about iptables didn't help me much, don'T know enough about protocols.

I tried guarddog, but it does filter the intranet, too. Therefor there must be a port, that i need, which is not mentioned somewhere, guarddog blocks my clients from getting a login screen. Yes, XDMCP/XFS/X-ports are open (for real i allowed EVERYTHING in "LAN" and "local"). I think, the problem is, that X makes highport-sessions, that are filtered and that it is not possible to define ports per port or protocol.

I tried to add a third zone, for the LAN, but didn't help. Another problem is, that guarddog defines zones over IP's, but i need a firewall on a device, ppp0.

 

Let's say, i need only http/https/ssh/ftp on the ppp0. What should i do?

[theYinYeti]

I use bastille-firewall, and with this you can say which interface should be filtered and which interface should be trusted. Myself, I set ppp0 to be filtered, and eth0 to be trusted, so all ports are open between my PC and my laptop (eth0), but the firewall is active between my PC and internet (ppp0)

 

Yves.

[qeldroma]

Hi tYY,

 

ok, i'll give it a try now.

 

Thx