An Easy Tutorial on IP Tables and Port Knocking
February 4, 2008
Do you wish you had access to your home file server without leaving your firewall wide open to attacks? Well, today's your lucky day! While you can implement this on any OS, it's easiest to do on Linux. This article will show you how to lock down your firewall and implement a port knocker to let you in.
We are going to achieve this using a Linux firewall and server, SLED 10.1 to be exact. Yes, you will be playing around with config files, but I'll give you a template you can work with, so you can just copy/paste and change the things you need to change.
Before we get started you need to install some things along with the OS. Mainly:
You can install these tools through YaST2; just make sure you have the install CD/DVD with you and remember to resolve dependencies.
The first thing you have to do is configure both network cards. That's right, I said "both." You need to have two network cards in this box to let it run as a firewall. You need to configure one as "internal" and one as "external." Again, you can do this through YaST2.
While you're there, make sure the "External" card has no ports open and your internal one has all the ports open. The external card is the one that's going to be interfacing with the Internet and as such is the one running the firewall. If you can't figure out which card is which, open a terminal and do an
I'm going to skip the rest of the card configuration steps; it's not that hard, just play around with it. You need to set up your internal card to either give out IP addresses, or just put the IP address of your second card into the default gateway of your router. Go crazy and experiment; the worst that will happen is you need to reinstall or reset your router.
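The "external card closed, internal card open" policy described above, written out as an iptables script. This is an added example, not the article's template; it assumes the external card is eth0 and the internal card is eth1, and it also adds the forwarding and NAT rules the LAN needs to reach the Internet through this box.

```shell
#!/bin/sh
# Added example (not from the original article): two-NIC iptables policy.
# External card accepts no new connections, internal card is fully open,
# and the box forwards/NATs traffic for the home LAN.
EXT="${EXT:-eth0}"        # assumed name of the card facing the Internet
INT="${INT:-eth1}"        # assumed name of the card facing the LAN
IPT="${IPT:-iptables}"    # set IPT=echo to preview the rules without applying them

apply_firewall() {
    # Flush existing rules and start from a deny-by-default posture
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback and the internal card are fully trusted ("all ports open")
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$INT" -j ACCEPT

    # Replies to connections this box or the LAN started may come back in
    $IPT -A INPUT -i "$EXT" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$EXT" -o "$INT" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # LAN hosts reach the Internet through this box, hidden behind its address
    $IPT -A FORWARD -i "$INT" -o "$EXT" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$EXT" -j MASQUERADE

    # Everything else arriving on the external card is logged (rate limited) and dropped
    $IPT -A INPUT -i "$EXT" -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
    $IPT -A INPUT -i "$EXT" -j DROP
}

enable_forwarding() {
    # Kernel must be allowed to route packets between the two cards
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Usage:  sh firewall.sh apply        (preview with:  IPT=echo sh firewall.sh apply)
case "${1:-}" in
    apply) enable_forwarding; apply_firewall ;;
esac
```

Run it as root after both cards are configured; the log prefix makes dropped probes easy to spot in /var/log/messages.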