Design of firewall
You are having two networks IPs ranging from
Network A 192.168.1.0-255 and
Network B 192.168.2.0-255
The proxy server is situated on 192.168.3.24 develop IPTABLES rules to masquerade the requests from both the networks to connect to an external DNS(basically it is acting as proxy server to provide internet connection to client machines behind it) with the server IP on port 3128. Many firewalls block ports up to 1024 from external access, but leave higher ports open, since these ports are dynamically assigned to client-side programs. It is possible to run a server on a port that's different from the designated port - web servers sometimes run on 8080 instead of 80. With NAT you can redirect connections to open ports to locked ones. Please note that this technique can be used for vicious purposes ("man in the middle attack"). But it could also be used in valid ways It's just a means to have finer control over your host and router. Write IPTABLES rules to block all TCP state NEW connections to your
Host on ports < 1024 from 192.168.2.38/24 (using -m state). The host machine is different from the server host can be any client in your networks assume the subnet 255.255.255.0 where ever not mentioned.
Mention a rule which also stops ping requests to your proxy server in your rule of IPTABLES.
1: Allow all traffic from a selection of ip subnets (for example,
allow 192.168.1.0 thru to 192.168.10.0). They should have full access
to all ports.
2. Allow access to port 22 (ssh) and 8001 (weblogic) using tcp/http
traffic from specific ip address (for example 192.168.168.168).
3. Deny everything else.
