Firewall Wizards mailing list archives

Re: Questions about firewall


From: dreamwvr <dreamwvr () dreamwvr com>
Date: Mon, 19 Jul 1999 23:34:05 -0600

hi fabio,
it is getting late when i write this and i have not had my 64 coffee of the day
so i might not read you loud and clear but here goes..;-) Masquerading in linux
ala NAT is quite doable i do it all the time. either way it will work you simply
need to use a combination of ipfwadm rules. for that see www.fwtk.org and click
the IPFWADM FAQ or click first footer link below and click on the table IPFWADM.
this will allow it to be filtered but you will still need to redirect the ports
from realip.net/80 -> myrfc1918ip/80 using 'ipportfw' or equivalent. remember that
it needs to stream across the great divide:-) you could set it up with a third
interface which would be much better anyhow. that way it isolates things and
is simpler to picture and manage. just redirect to the 3rd interface and you're
there. then naturally you would need to create rules to block any mystery packets
from entering from this 3rd ethx to your innards interface.
> connect my mail and web server, or can I perform a NAT on the linux machine
> and make my servers, that are in the protect network, visible on the
> Internet ? In case of the second option, how can I implement the NAT ?
see above for concept. hope this is some help!
> Since I'll be using Red Hat 5.2 (kernel 2.0.36), I should use ipfwadm, is
> that correct ?
yes..
> Can I have IP filters so that I can control access of certain protocols
> and ports ?
yes see the FAQ you can filter either direction and any port(s) you want. ipfwadm
does what you need in your case namely TCP, UDP , ICMP so be as scrutinizing as you
feel you should.. which you should;-))
> I also want to use a proxy/cache server. Is squid a good choice ?
squid is the best there is and has more going for it than at least one proxy server
that you pay $$$$.00 4 . Plus it really is pretty clear to set up..
> For these characteristics I pretend to have in my firewall, what services
> may I compile in the kernel and what modules should I install ?
lost me here i don't get the first part of the question. but this should get you
started.. b.t.w. you really shouldn't have any services running on the fw itself
unless you just have to..
                                                        Regards,
                                                        dreamwvr () dreamwvr com


Reuters, London, February 29, 1998: 
Scientists have announced discovering a meteorite which will strike the 
earth in March, 2028.  Millions of UNIX coders expressed relief for being 
spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________

************** DREAMWVR.COM - TOTAL INTERNET SERVICES ****************
  TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
           <http://www.dreamwvr.com/services/MAX_SEC.html>
   DREAMWVR.COM - The Console of Many... 90 Topics Covered
<http://www.dreamwvr.com/dynamicduo.html> <mailto:dreamwvr () dreamwvr com>
 -> Linux-Mandrake Solution Provider and North American Distributor <-
         <http://www.dreamwvr.com/mandrake/mandrake-main.html>
                       "===0 PGP Key Available  
*************** "As Unique as the Company You Keep." *****************
________________________________________________________________________
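
The three-interface layout described in the message above, sketched as an added example (not part of the original post or of any FAQ it links to). The addresses, interface name and server hosts are constructed for illustration, and the script only prints the ipfwadm/ipportfw commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: rule set for masquerading plus port forwarding to servers on a
# third interface. All values below are constructed sample values.
EXT_IP="203.0.113.10"      # public address of the firewall (documentation range)
LAN_NET="192.168.1.0/24"   # protected network (the "innards")
DMZ_NET="192.168.2.0/24"   # server network behind the third interface
DMZ_IF="eth2"              # assumed name of the third interface
WEB="192.168.2.10"         # web server (RFC 1918 address)
MAIL="192.168.2.11"        # mail server (RFC 1918 address)

fw_rules() {
    # Forward nothing by default; only masqueraded traffic may cross.
    echo "ipfwadm -F -p deny"
    echo "ipfwadm -F -a m -S $LAN_NET -D 0.0.0.0/0"
    # Server replies must also be masqueraded so they match the forwards below.
    echo "ipfwadm -F -a m -S $DMZ_NET -D 0.0.0.0/0"
    # Drop and log anything arriving on the server interface that is addressed
    # to the protected network. LAN clients talking to the servers are
    # masqueraded, so their replies are addressed to the firewall, not LAN_NET.
    echo "ipfwadm -I -a deny -W $DMZ_IF -S 0.0.0.0/0 -D $LAN_NET -o"
    # Redirect the public ports to the servers (realip/80 -> rfc1918ip/80).
    echo "ipportfw -A -t $EXT_IP/80 -R $WEB/80"
    echo "ipportfw -A -t $EXT_IP/25 -R $MAIL/25"
}

# Print for review by default; feed to sh only when explicitly requested.
if [ "${APPLY:-0}" = "1" ]; then
    fw_rules | sh
else
    fw_rules
fi
```

Reviewing the printed list before applying it makes it easy to confirm that the only paths into the server network are the two forwarded ports and that no rule accepts traffic from the third interface toward the protected network.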
                                                                   



