  Linux firewall settings example
     
  Add Date : 2017-08-31      
         
         
         
  Firewall setting examples (installing TIS Proxy)

1.1 A large network with a focus on security

Suppose you are the head of a militia and want to set up a network for it, with 50 computers in total and a subnet of 32 IP addresses. Because the followers are at different levels, the head of the militia wants to give them different levels of access rights on the network. Some parts of the network therefore must not be able to communicate with others. The levels are:

Periphery. This is the level that everyone can reach. It is the level used to attract new members.

Troops. People at this level have moved beyond the periphery. They can learn some tricks and methods of making weapons.

Foreign Legion. This is the level where the real plan is completed.

Network settings

The IP addresses are allocated as follows:

One address is 192.168.2.255, which is the broadcast address and cannot be used.

Of the 32 IP addresses, 23 are assigned to 23 machines; these machines can connect to the Internet.

One IP address goes to a Linux machine on the network.

One IP address goes to another Linux machine on the network.

Two IP addresses go to the router.

The remaining four addresses are simply given four names, to leave people unsure whether they belong to real users.

The protected networks use the addresses 192.168.2.xxx.

This creates two separate networks. Both networks are connected via infrared Ethernet, so the outside world cannot see that they exist. Infrared Ethernet works the same way as ordinary Ethernet. Each network is connected to one of the computers running Linux, which has its own IP address. There is also a file server connected to both protected networks, because the plan to conquer the world needs some well-trained troops. The file server has the IP address 192.168.2.17 on the troop network and 192.168.2.23 on the Foreign Legion network. It has different IP addresses because it has different Ethernet cards. IP forwarding is disabled on the file server, and it is also disabled on both Linux machines. The router does not forward packets sent to 192.168.2.xxx unless explicitly told to, so nothing from outside can enter these networks. IP forwarding is turned off so that packets from the troop network cannot reach the Foreign Legion network, and packets from the Foreign Legion network cannot reach the troop network. The NFS server can be configured to offer different files to the different networks. This is quite easy to do, and with a little trickery using symbolic links the common files can be shared with everyone. With this arrangement and one more Ethernet card, a single file server can serve all three networks.

Proxy server settings

All three levels need to follow what is happening on the Internet, so they all need access to it. The external network is connected directly to the Internet, so nothing has to be changed on a proxy server there. The troop network and the Foreign Legion network are behind a firewall, so some settings have to be made on the proxy server. The two networks are set up very similarly. Both still use the IP addresses assigned to them, but a few parameters have to be set:

Nobody may use the file server to access the Internet; otherwise the file server could be exposed to viruses or other harmful things. This is a serious matter, so the file server must not be used for that.

Do not let the troops browse the web. They are in training, and this kind of ability to retrieve information could be harmful to them.

So the sockd.conf file on the troop network's Linux machine should contain the following line:

deny 192.168.2.17 255.255.255.255

And the one on the Foreign Legion machine should contain:

deny 192.168.2.23 255.255.255.255

In addition, the Linux machine on the troop network gets this line:

deny 0.0.0.0 0.0.0.0 eq 80

This line means that no machine may use port 80, the HTTP port. The machines can still use all other services, just not the web. Then the following line is added to the sockd.conf file on both machines:

permit 192.168.2.0 255.255.255.0

This allows all computers on 192.168.2.xxx to use the proxy server, except for what has already been denied (that is, the file server, and web access from the troop network).

The sockd.conf file on the troop network then reads as follows:

deny 192.168.2.17 255.255.255.255
deny 0.0.0.0 0.0.0.0 eq 80
permit 192.168.2.0 255.255.255.0

The sockd.conf file on the Foreign Legion network reads as follows:

deny 192.168.2.23 255.255.255.255
permit 192.168.2.0 255.255.255.0

This configuration should work without problems. Each network can work on its own, with an appropriate relationship to the others. Everyone should be satisfied.
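The two rule sets above can be checked with a small model of the matching logic. This is an added example, not part of the original article or of the SOCKS daemon's code. It assumes that sockd reads the lines top to bottom and applies the first match, that the second address field is a netmask, that "eq 80" tests the destination port, and that a request matching no line is refused; the client addresses 192.168.2.5 and 192.168.2.9 are made up.

```python
import ipaddress
import operator

# Rule sets copied from the article above.
TROOP_RULES = """
deny 192.168.2.17 255.255.255.255
deny 0.0.0.0 0.0.0.0 eq 80
permit 192.168.2.0 255.255.255.0
"""
LEGION_RULES = """
deny 192.168.2.23 255.255.255.255
permit 192.168.2.0 255.255.255.0
"""

# Port comparison keywords (only "eq" appears in the article).
OPS = {"eq": operator.eq, "neq": operator.ne, "lt": operator.lt,
       "gt": operator.gt, "le": operator.le, "ge": operator.ge}


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_rules(text):
    """Parse 'permit|deny address mask [op port]' lines into tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] not in ("permit", "deny") or len(fields) not in (3, 5):
            raise ValueError(f"unsupported rule: {line!r}")
        port_test = (OPS[fields[3]], int(fields[4])) if len(fields) == 5 else None
        rules.append((fields[0], to_int(fields[1]), to_int(fields[2]), port_test))
    return rules


def decide(rules, client_ip, dst_port):
    """Return the action of the first matching rule (assumed sockd behaviour)."""
    ip = to_int(client_ip)
    for action, addr, mask, port_test in rules:
        if (ip & mask) != (addr & mask):
            continue  # source address outside this rule's address/mask
        if port_test and not port_test[0](dst_port, port_test[1]):
            continue  # rule is limited to other destination ports
        return action
    return "deny"  # assumption: no matching line means the request is refused


TROOP = parse_rules(TROOP_RULES)
LEGION = parse_rules(LEGION_RULES)
```

In this model a troop client asking for port 8080 gets "permit": the "eq 80" line blocks only destination port 80, so a web server on any other port stays reachable unless more deny lines are added.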
     
         
         
         
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.