SafeNet ProtectServer External 2, Installation Manual

Page: 18 / 22

12
This entries in the ifcfg-eth [ 0 | 1 ] files are similar to the following:
DEVICE= "eth0"
BOOTPROTO="static"
HWADDR="00:0D:48:3B:15:30"
IPADDR="192.168.9.35"
NETMASK="255.255.255.0"
NM_CONTROLLED="yes"
ONBOOT=yes
Edit the files, as required, to specify an IP address and network mask for each NIC.
You must configure one of the NICs. You only need to configure the second NIC if
you intend to use it.
Setting a hostname and default gateway
Set the default gateway (that this SafeNet PSE2 should use) by editing the file
/etc/sysconfig/network
.
If you ever want to address the unit by its name using the loopback connection, you
can set the hostname by editing the
/etc/hosts
file and the
/etc/sysconfig/network
file (which governs external connections).
Setting a name server
The PSE2 processing modules do not have the resources to operate as their own name
servers. If name resolution is required, it needs to be provided by a DNS server on the
network. In order for the PSE2 to use the DNS server, you must add an entry for the
DNS server to the file
/
etc/resolv.conf , in the following format:
nameserver <IP-ADDRESS>
Setting access control
Access control on the Protect Server External
2
is performed using
iptables (8)
.
Below is a list of
iptables (8)
commands:
iptables -[ADC] chain rule-specification [options]
iptables -I chain [rulenum] rule-specification [options]
iptables -R chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LFZ] [chain] [options]
iptables -N chain
iptables -X [chain]
iptables -P chain target [options]
iptables –L [chain]
The following
iptables (8)
configuration prevents access to all but one IP
address:
1.
iptables -F INPUT (
deletes any previous chains in the INPUT table)
2.
iptables -A INPUT -s [ip-address] -j ACCEPT (
sets an IP address
which can be accepted)
3.
iptables -A INPUT -j DROP (
drops everything else)