Hello!
I was hoping someone could check my iptables rules and advise on how good/bad they are? Possibly offer some advice on improving them?
They seem to be working well so far.
My Proxmox host has 1 public IP address and a handful of VMs (I'm already using alternative ports, f2b, etc...).
Code:
# Flush existing rules first so re-running this script does not append duplicate rules
/sbin/iptables -F
/sbin/iptables -t nat -F
# Set default policies (INPUT is switched to DROP at the very end, after the
# loopback and ESTABLISHED rules exist, so a remote SSH session is never cut off)
/sbin/iptables --policy OUTPUT ACCEPT
/sbin/iptables --policy FORWARD ACCEPT
# Allow unlimited traffic on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Keep current connections alive
/sbin/iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow LAN (VM bridge) to talk to WAN
# (FORWARD policy is ACCEPT, so the DNAT'd traffic below is forwarded without an explicit rule)
/sbin/iptables -A FORWARD -i vmbr1 -o vmbr0 -j ACCEPT
# Allow ping on host (ICMP echo-request from the WAN side)
/sbin/iptables -A INPUT -i vmbr0 -p icmp --icmp-type 8 -j ACCEPT
# Allow GUI access (Proxmox web UI)
/sbin/iptables -A INPUT -i vmbr0 -p tcp --dport 8006 -j ACCEPT
# Allow SSH
/sbin/iptables -A INPUT -i vmbr0 -p tcp --dport 22 -j ACCEPT
# Masquerade the VM subnet behind the public IP when leaving on vmbr0
# (the network address is written as 192.168.50.0/24; iptables normalises a host address with a /24 mask to the same thing)
/sbin/iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o vmbr0 -j MASQUERADE
# Port forward rules for specific VMs (public port -> VM address:port)
/sbin/iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 35221 -j DNAT --to-destination 192.168.50.1:22
/sbin/iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to-destination 192.168.50.2:80
/sbin/iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to-destination 192.168.50.3:443
# Now that the accept rules are in place, drop everything else arriving at the host
/sbin/iptables --policy INPUT DROP
For full context, below is my /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address <Public IP>/24
        gateway <Gateway>
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 192.168.50.254/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
Thanks!
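The main thing a reviewer would flag in the rule set above is the FORWARD policy: with FORWARD set to ACCEPT, the host forwards anything it can route between vmbr0 and vmbr1, not only the three DNAT'd ports, and the host itself will also accept new connections to 22 and 8006 from any source address on the internet. The script below is an added example, not the poster's own rules, that generates the same setup in iptables-restore format with FORWARD defaulting to DROP: only connections that the conntrack DNAT state says were created by a PREROUTING DNAT rule, replies, and VM-originated traffic to the WAN are forwarded. The bridge names, the 192.168.50.0/24 subnet and the three forwards are taken from the post; the ADMIN_SRC variable (default 0.0.0.0/0, i.e. unrestricted, the same as the original) is an assumption you can set to your own address to limit who may reach SSH and the web UI.

```shell
#!/bin/sh
# Added example: tightened iptables rule set for a single-public-IP Proxmox host
# that port-forwards to VMs. Not the original poster's script.
# Assumptions (edit to taste): WAN bridge vmbr0, VM bridge vmbr1,
# VM subnet 192.168.50.0/24, host management on tcp/22 and tcp/8006.

WAN=vmbr0
LAN=vmbr1
VMNET=192.168.50.0/24
# Source range allowed to reach SSH and the web UI on the host.
# 0.0.0.0/0 matches the original post; narrow it to your own IP if you can.
ADMIN_SRC="${ADMIN_SRC:-0.0.0.0/0}"

# Port forwards from the post: "wan_port proto vm_ip vm_port" (one per line)
FORWARDS='
35221 tcp 192.168.50.1 22
80 tcp 192.168.50.2 80
443 tcp 192.168.50.3 443
'

# Print a complete iptables-restore file (nat + filter tables) to stdout.
gen_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $VMNET -o $WAN -j MASQUERADE
EOF
  # One DNAT rule per forward; blank lines in FORWARDS are skipped
  echo "$FORWARDS" | while read -r wport proto vip vport; do
    [ -n "$wport" ] || continue
    echo "-A PREROUTING -i $WAN -p $proto --dport $wport -j DNAT --to-destination $vip:$vport"
  done
  cat <<EOF
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $WAN -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
-A INPUT -i $WAN -p tcp -s $ADMIN_SRC --dport 22 -j ACCEPT
-A INPUT -i $WAN -p tcp -s $ADMIN_SRC --dport 8006 -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN -o $WAN -s $VMNET -j ACCEPT
EOF
  # Forward only what a PREROUTING DNAT rule actually rewrote (ctstate DNAT),
  # and only to the VM/port that rule named, so a VM that is not in the list
  # is never reachable from the WAN even though the host routes to it.
  echo "$FORWARDS" | while read -r wport proto vip vport; do
    [ -n "$wport" ] || continue
    echo "-A FORWARD -i $WAN -o $LAN -p $proto -d $vip --dport $vport -m conntrack --ctstate DNAT -j ACCEPT"
  done
  echo COMMIT
}

# Replace the running rule set atomically (all-or-nothing, no duplicate -A rules
# on re-run, no window with a half-loaded table).
apply_rules() {
  gen_rules | iptables-restore
}

case "${1:-}" in
  apply) apply_rules ;;
  *) gen_rules ;;          # default: dry run, print the rules for review
esac
```

Run it with no argument to inspect the generated file, then `sh rules.sh apply` as root. If you later enable the Proxmox firewall (pve-firewall), it manages the iptables tables itself and will overwrite these rules, so use one or the other. As in the original post, nothing here lets the VMs initiate connections to the host on vmbr1; add an INPUT rule for `-i vmbr1` if the VMs need host-side services.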