Firewall Wizards mailing list archives
Re: Questions about firewall
From: dreamwvr <dreamwvr () dreamwvr com>
Date: Mon, 19 Jul 1999 23:34:05 -0600
hi fabio, it is getting late when i write this and i have not had my 64 coffee of the day so i might not read you loud and clear but here goes..;-)

Masquerading in linux ala NAT is quite doable, i do it all the time. either way it will work, you simply need to use a combination of ipfwadm rules. for that see www.fwtk.org and click the IPFWADM FAQ or click first footer link below and click on the table IPFWADM. this will allow it to be filtered but you will still need to redirect the ports from realip.net/80 -> myrfc1918ip/80 using 'ipportfw' or equivalent. remember that it needs to stream across the great divide:-)

you could set it up with a third interface which would be much better anyhow. that way it isolates things and is simpler to picture and manage. just redirect to the 3rd interface and you're there. then naturally you would need to create rules to block any mystery packets from entering from this 3rd ethx to your innards interface.

connect my mail and web server, or can I perform a NAT on the linux machine and make my servers, that are in the protect network, visible on the Internet ? In case of the second option, how can I implement the NAT ?

see above for concept. hope this is some help!
Since I'll be using Red Hat 5.2 (kernel 2.0.36), I should use ipfwadm, is that correct ?

yes..
Can I have IP filters so that I can control access of certain protocols and ports ?

yes see the FAQ you can filter either direction and any port(s) you want. ipfwadm does what you need in your case namely TCP, UDP, ICMP so be as scrutinizing as you feel you should.. which you should;-))
I also want to use a proxy/cache server. Is squid a good choice ?
squid is the best there is and has more going for it than at least one proxy server that you pay $$$$.00 4 . Plus it really is pretty clear to setup..
For these characteristics I pretend to have in my firewall, what services may I compile in the kernel and what modules should I install ?

lost me here i don't get the first part of the question. but this should get you started.. b.t.w. you really shouldn't have any services running on the fw itself unless you just have to..

Regards,
dreamwvr () dreamwvr com
Reuters, London, February 29, 1998: Scientists have announced discovering a meteorite which will strike the earth in March, 2028. Millions of UNIX coders expressed relief for being spared the UNIX epoch "crisis" of 2038.

DREAMWVR.COM - TOTAL INTERNET SERVICES
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here.. <http://www.dreamwvr.com/services/MAX_SEC.html>
DREAMWVR.COM - The Console of Many... 90 Topics Covered <http://www.dreamwvr.com/dynamicduo.html>
<mailto:dreamwvr () dreamwvr com>
-> Linux-Mandrake Solution Provider and North American Distributor <- <http://www.dreamwvr.com/mandrake/mandrake-main.html>
"===0 PGP Key Available
"As Unique as the Company You Keep."
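The three-interface layout described in the reply above, sketched as an added example that is not part of the original post or thread. All addresses, the interface roles, the `fw_rules` and `rule_pos` helpers and the `APPLY` switch are assumptions made for illustration; the script only prints the commands unless `APPLY=1` is set on the firewall itself.

```shell
#!/bin/sh
# Added example: three-interface ipfwadm layout (all addresses are constructed).
EXT_IP="203.0.113.10"        # assumed public address on eth0 (documentation range)
INSIDE_NET="192.168.1.0/24"  # assumed protected LAN on eth1
DMZ_NET="192.168.2.0/24"     # assumed server segment on eth2, the "3rd interface"
WEB_IP="192.168.2.10"        # assumed web server in the DMZ
ANY="0.0.0.0/0"

# Emit the rule set in the order it must be loaded. The forward chain is
# first-match, so the DMZ -> inside deny has to precede the masquerade rules.
fw_rules() {
    echo "ipfwadm -F -f"                                     # flush forward rules
    echo "ipfwadm -F -p deny"                                # default: forward nothing
    echo "ipfwadm -F -a deny -S $DMZ_NET -D $INSIDE_NET -o"  # block and log DMZ -> LAN
    echo "ipfwadm -F -a m -S $INSIDE_NET -D $ANY"            # masquerade the LAN
    echo "ipfwadm -F -a m -S $DMZ_NET -D $ANY"               # masquerade the DMZ
    echo "ipportfw -C"                                       # clear old port forwards
    echo "ipportfw -A -t$EXT_IP/80 -R $WEB_IP/80"            # realip/80 -> DMZ web server
}

# Return the 1-based position of the first rule containing the string $1.
rule_pos() {
    fw_rules | grep -n -F -- "$1" | head -n 1 | cut -d: -f1
}

# Dry run by default; APPLY=1 pipes the same lines to a shell that stops on error.
if [ "${APPLY:-0}" = "1" ]; then
    fw_rules | sh -e
else
    fw_rules
fi
```

Reviewing the printed order before applying it is the point of the dry run: if the deny rule were appended after the DMZ masquerade rule, traffic from the server segment to the protected LAN would match the masquerade rule first.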
Current thread:
- Questions about firewall fgb (Jul 19)
- Re: Questions about firewall Yin To Chu (Jul 20)
- Re: Questions about firewall Riccardo Fontana (Jul 20)
- Re: Questions about firewall dreamwvr (Jul 20)