Hi folks.
I am using Ubuntu 6.06 on a Dell PE server for Windows patch testing as well as for core application testing. In the past, I had the setup running and it seemed to do what I wanted.
Before I fire it up again I want to make sure my iptables firewall rules will actually restrict the potential communication of Active Directory from our production network.
So here is the basic network config:
Linux/VMWare - eth0 192.168.0.x (able to use production network's router for DNS and updates)
VMNet0 - 192.168.5.x (subnet of testing environment)
Simply put here are my objectives:
- Updates are possible - I'd like to make sure that Windows servers can get updates (HTTP/HTTPS) and DNS.
- The Windows servers cannot 'browse' the production network.
- The production network cannot 'browse' the test network.
- Neither network can touch the other's Active Directory (udp/tcp 137,138 and 139; TCP 445)
- I can use Remote Desktop Connections (TCP 3389) to work on the test servers and workstations as needed.
I have custom iptables rules which I have used for this same list of objectives but I am still wondering if I created proper rules.
If anyone is interested in looking into this type of setup let me know and then I will post my rules config.
Thanks.
-james
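
One way to express the objectives listed in the post as a FORWARD ruleset, as an added example (not the poster's rules, which the post does not include). The /24 masks, the `vmnet0` interface name and the `192.168.0.1` router/DNS address are assumptions standing in for values the post leaves as `x`.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for the objectives in the post.
# Assumed values (not from the post): /24 masks, vmnet0 as the host-side
# interface name, 192.168.0.1 as a placeholder for the router/DNS address.
# Covers forwarded traffic only; the host's own INPUT/OUTPUT chains are separate.
PROD_IF=${PROD_IF:-eth0}
TEST_IF=${TEST_IF:-vmnet0}
PROD_NET=${PROD_NET:-192.168.0.0/24}
TEST_NET=${TEST_NET:-192.168.5.0/24}
DNS_IP=${DNS_IP:-192.168.0.1}

gen_rules() {
cat <<EOF
*filter
:FORWARD DROP [0:0]
# NetBIOS/SMB never crosses the host in either direction; checked first
-A FORWARD -p tcp -m multiport --dports 137,138,139,445 -j DROP
-A FORWARD -p udp -m multiport --dports 137,138,139 -j DROP
# Replies to connections that one of the rules below allowed
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# RDP from production into the test subnet
-A FORWARD -i $PROD_IF -o $TEST_IF -s $PROD_NET -d $TEST_NET -p tcp --dport 3389 -m state --state NEW -j ACCEPT
# DNS from test servers to the production router only
-A FORWARD -i $TEST_IF -o $PROD_IF -s $TEST_NET -d $DNS_IP -p udp --dport 53 -j ACCEPT
-A FORWARD -i $TEST_IF -o $PROD_IF -s $TEST_NET -d $DNS_IP -p tcp --dport 53 -j ACCEPT
# Nothing else from test may reach a production address
-A FORWARD -i $TEST_IF -d $PROD_NET -j DROP
# Updates: HTTP/HTTPS from test to non-production destinations
-A FORWARD -i $TEST_IF -o $PROD_IF -s $TEST_NET -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Assumption: the production router has no route back to the test subnet
-A POSTROUTING -s $TEST_NET -o $PROD_IF -j MASQUERADE
COMMIT
EOF
}

# "print" as first argument writes the ruleset to stdout
if [ "${1:-}" = "print" ]; then gen_rules; fi
```

Piping the output into `iptables-restore --test` parses the ruleset without committing it. Rule order matters here: the test-to-production DROP has to sit above the HTTP/HTTPS ACCEPT, otherwise web ports on production hosts stay reachable from the test subnet.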