Security Basics mailing list archives

Re: firewall setup


From: Nelson Santos <nsantos () gmail com>
Date: Wed, 7 Jul 2004 16:31:59 -0300

Hi Ognen,

You sure can. If you're using a Linux firewall I suggest leaving the
DNS as it is and putting all the IP addresses in the Linux box. Then use
IPTables NAT functions to link the real IPs to the real servers. You
will have some complications if you're using virtual hosts, but
nothing you can't solve.
   If you want a quick-n-dirty solution try gShield. Just follow the
installation instructions and then configure the "/conf/forwards"
file. Use the software docs for more specific instructions.
   You can do the same with Windows/ISA Server. ISA can even do a high
level header-based redirection (like www.x.com and www.y.com have the
same IP but go to different machines). This is something I don't think
IPTables can do.


Hope that gives you some directions,

Nelson Santos

On Wed, 7 Jul 2004 14:33:16 +0000 (UTC), Ognen Duzlevski
<maketo () sdf lonestar org> wrote:
Hi, I have a basic question:

we have several boxes with unique public IP addresses which are part of a
big .edu namespace. I would like to put these machines behind one single
firewall and still keep their names. Is it possible to have all names
point to the firewall machine and then have the firewall direct the
specific request to a specific box behind it?

So, if F is firewall.x.edu and I have A.x.edu, B.x.edu and C.x.edu I want
to have A, B and C behind F. A, B and C should now point to F and F will
direct all outside requests to A, B or C based on the name.

Thanks,
Ognen

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
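
The 1:1 NAT setup described in the reply above (public IPs held by the Linux firewall, iptables NAT to the real servers), as an added example that is not part of the original thread. The script prints the commands instead of applying them; the addresses, internal subnet, ports and the interface name eth0 are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints (does not apply) 1:1 NAT rules for a Linux firewall.
# Addresses, ports and the interface name are constructed placeholders.
# iptables matches on IP address, not host name, so each name keeps its own public IP.
EXT_IF="eth0"   # assumed external interface of the firewall

# One server per line: name public_ip internal_ip allowed_tcp_ports
MAPPINGS="A.x.edu 203.0.113.11 192.168.10.11 80,443
B.x.edu 203.0.113.12 192.168.10.12 25
C.x.edu 203.0.113.13 192.168.10.13 22"

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ip() {
    echo "$1" | awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i !~ /^[0-9]+$/ || $i>255) exit 1; exit 0 } { exit 1 }'
}

gen_rules() {
    # Default-deny forwarding; only replies and the listed ports get through.
    # Connections initiated by the servers would need their own FORWARD rules.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$MAPPINGS" | while read -r name pub priv ports; do
        [ -n "$name" ] || continue
        if ! valid_ip "$pub" || ! valid_ip "$priv"; then
            echo "skipping $name: bad address" >&2
            continue
        fi
        echo "# $name"
        # The firewall answers for the public IP, then rewrites in both directions.
        echo "ip addr add $pub/32 dev $EXT_IF"
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -j DNAT --to-destination $priv"
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $priv -j SNAT --to-source $pub"
        echo "iptables -A FORWARD -i $EXT_IF -d $priv -p tcp -m multiport --dports $ports -m state --state NEW -j ACCEPT"
    done
}

gen_rules
```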


