2

In my organization, I'd like to make sure all servers are only accessible from the inside. The only exceptions are the mail and webservers.

What's the best way to do this?

My own suggestion was blocking ALL incoming traffic via 'iptables' except mail and web traffic (and SSH). Is this the best way to do this, or are there any better suggestions?

Thanks!

EDIT: I found a topology pretty similar to ours: [image]

1 Answer

2

So the machines don't have internet addressable IP addresses and you only have one IP address available to you? Then you're going to have to configure your router/firewall to forward the desired traffic to the machines in question. If you don't do anything to your router/firewall, your first wish is granted: the machines are only available to the inside.

Halfgaar
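An added example, not part of the original question or answer: assuming the router/firewall mentioned above is a Linux box running iptables, this script prints an `iptables-restore` ruleset that forwards only mail and web traffic to the two servers and drops everything else arriving from outside. The interface names, addresses and the choice to allow SSH from the inside only are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: ruleset generator for a Linux router/firewall with one public IP.
# Every value below is a constructed placeholder (assumption), not from the page.
WAN_IF="eth0"               # internet-facing interface
LAN_IF="eth1"               # internal interface
MAIL_IP="192.168.1.10"      # internal mail server
WEB_IP="192.168.1.20"       # internal web server
ADMIN_NET="192.168.1.0/24"  # hosts allowed to SSH to the firewall itself

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forwarding: only these ports on the public IP reach an internal host.
-A PREROUTING -i $WAN_IF -p tcp --dport 25 -j DNAT --to-destination $MAIL_IP
-A PREROUTING -i $WAN_IF -p tcp -m multiport --dports 80,443 -j DNAT --to-destination $WEB_IP
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
# Default deny: anything not explicitly accepted below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: SSH to the firewall is allowed from the inside only.
-A INPUT -i $LAN_IF -s $ADMIN_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
# New inbound connections are accepted only for the forwarded services.
-A FORWARD -i $WAN_IF -d $MAIL_IP -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $WAN_IF -d $WEB_IP -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Syntax check without applying (run as root): gen_rules | iptables-restore --test
# Forwarding between interfaces also requires net.ipv4.ip_forward=1.
```

Hosts that have no DNAT rule stay unreachable from outside, which matches the answer's point that doing nothing on the router already keeps them internal.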