Firewall Wizards mailing list archives
Re: Firewall question
From: dreamwvr <dreamwvr () dreamwvr com>
Date: Tue, 13 Jul 1999 20:14:21 -0600
hi Carl,

At 10:57 AM 7/13/99 -0700, Carl Swanson wrote:
> I had a firewall question that I hoped the wizard
i don't know if i qualify but here goes..
> might be able to help me with ;-) I want to set up a firewall on a Linux RedHat 5.2 machine with 2 NICs protecting a little network from the internet (connected using ISDN or DSL to an ISP connection). There will eventually be several of these little isolated networks.
not a problem so far..
> I need to have static IP addresses and will have a block of 16 or 32 addresses per network, so total static IP addressing.
again this is just fine .. see RFC 1918 and choose your network:-)
> I need to be able to connect to the little network via the internet to do admin work, etc, but obviously I don't want anyone else in, just me from a static IP address or two.
> And I of course want to allow the little network users full access to the internet, including web, telnet, ftp, etc.
use masquerading feature of Linux which works like a charm..
> It has been suggested that I set things up thusly: I want to set up both a firewall and a proxy server. Each machine in the local net will have its own IP address, and my firewall in the linux machine will only let certain internet IP addresses connect (mine). All other IP addresses that try a direct connection will be denied (except machines that are responding to a telnet initiation, etc, from the local net).
not a problem, this is simple as pie to control by IP, which btw is not that secure since they can be ..err.. impersonated :-) hmmm.. for good proxy stuff go to www.fwtk.org; for a pretty good ipfwadm guide go to the same and click the IPFWADM FAQ, written by someone i know ;-)
> I'll also install a proxy server so I can control what users use what services through the gateway machine and onto the internet. I want to be able to control who has access and log where they go.
see SQUID for that as well as use the logging feature of ipfwadm.
> I'll also disable telnet and ftp into the gateway machine, and use ssh, and the secure telnet and sftp versions (but I do need telnet and ftp access).
ssh does everything you need and sftp is part of ssh..
> Since I'll be using RedHat 5.2 (kernel 2.0.36) I should use ipfwadm for the firewall.
here this would be a good choice, it will get you what you want going for you.
> Here are some questions I have:
> - First of all how does the above sound
> - What proxy software should I use?
see above and layer it with the features for screening and logging packets as part of the ipfwadm firewall stuff..
> - Will I then need VPN at all between two linux machines over the internet? Or is the ssh and secure telnet and ftp enough? (I also want to do VNC remote control sessions,
now you will have to determine what port VNC uses, as it is pretty busy, and use the ssh feature to port forward the connection. if you are going to connect to your network over the big I from another network then ssh should be good enough. Also see FreeSWAN, if memory serves, as it is a free VPN implementation. remember you will need to redirect somehow legit ips to RFC1918 ips coming in, else it goes nowhere.. see 'redir' or debian ipportfw. Well that pretty much covers it :-)
> so that might be an issue).
Reuters, London, February 29, 1998: Scientists have announced discovering a meteorite which will strike the earth in March, 2028. Millions of UNIX coders expressed relief for being spared the UNIX epoch "crisis" of 2038.
_______________________________________________________________________
************** DREAMWVR.COM - TOTAL INTERNET SERVICES ****************
TOTAL DESIGN - DEVELOPMENT - INTEGRATION - SECURITY - Click Here..
<http://www.dreamwvr.com/services/MAX_SEC.html>
DREAMWVR.COM - The Console of Many... 90 Topics Covered
<http://www.dreamwvr.com/dynamicduo.html>
<mailto:dreamwvr () dreamwvr com>
-> Linux-Mandrake Solution Provider and North American Distributor <-
<http://www.dreamwvr.com/mandrake/mandrake-main.html>
"===0 PGP Key Available
*************** "As Unique as the Company You Keep." *****************
________________________________________________________________________
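The setup the reply sketches (default-deny ipfwadm input rules, ssh in from the admin addresses only, masquerading for the RFC 1918 LAN, and VNC carried over an ssh port forward instead of a hole in the firewall) put together as one script. This is an added example, not code from the original post or from anyone on the list. It only prints the ipfwadm commands so they can be reviewed before being applied; the interface names (ppp0, eth1), every address (RFC 5737 documentation ranges stand in for the public ones, 192.168.1.0/24 for the LAN), the admin user name and the VNC host are assumptions chosen for illustration. The VNC display port (5900 plus the display number) and the 2.0 kernel's masquerade port range 61000-65095 are standard values, not something the post states; check include/net/ip_masq.h on the kernel you actually run.

```shell
#!/bin/sh
# Added example (not part of the original post): print the ipfwadm rule set
# the reply sketches for a RedHat 5.2 / kernel 2.0.x gateway, plus the ssh
# port forward that carries VNC through it.  Nothing is applied by this
# script itself; on the gateway, as root, run:   sh gateway-rules.sh | sh
# Interface names and all addresses below are assumptions for illustration.

EXT_IF=${EXT_IF:-ppp0}              # ISDN/DSL side (assumed name)
INT_IF=${INT_IF:-eth1}              # LAN side (assumed name)
EXT_IP=${EXT_IP:-192.0.2.10}        # gateway's public address (placeholder)
INT_NET=${INT_NET:-192.168.1.0/24}  # RFC 1918 block behind the gateway (assumed)
ADMIN_IPS=${ADMIN_IPS:-"198.51.100.7 198.51.100.8"}  # the "static IP or two" (placeholders)
VNC_HOST=${VNC_HOST:-192.168.1.5}   # LAN box running a VNC server on display :1 (assumed)

gen_ipfwadm_rules() {
    cat <<EOF
# start clean: default-deny input and forwarding, leave the gateway's own output open
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -F -f
ipfwadm -I -p deny
ipfwadm -O -p accept
ipfwadm -F -p deny
# anti-spoofing: anything arriving on the outside with an inside or loopback
# source is dropped and logged (-o); this is the "they can be impersonated" case
ipfwadm -I -a deny -o -W $EXT_IF -S $INT_NET
ipfwadm -I -a deny -o -W $EXT_IF -S 127.0.0.0/8
# loopback and the LAN may always reach the gateway
ipfwadm -I -a accept -W lo
ipfwadm -I -a accept -W $INT_IF -S $INT_NET
EOF
    for ip in $ADMIN_IPS; do
        cat <<EOF
# ssh in from one admin address; telnet and ftp into the gateway are never opened
ipfwadm -I -a accept -P tcp -W $EXT_IF -S $ip -D $EXT_IP 22
EOF
    done
    cat <<EOF
# replies to connections that went out: TCP with ACK set (-k), never a fresh SYN;
# UDP replies to masqueraded LAN traffic land in the 2.0 masquerade port range,
# the gateway's own DNS replies come back from port 53; ICMP for errors and ping
ipfwadm -I -a accept -P tcp -k -W $EXT_IF -D $EXT_IP
ipfwadm -I -a accept -P udp -W $EXT_IF -D $EXT_IP 61000:65095
ipfwadm -I -a accept -P udp -W $EXT_IF -S 0.0.0.0/0 53 -D $EXT_IP
ipfwadm -I -a accept -P icmp -W $EXT_IF -D $EXT_IP
# every other inbound connection attempt (TCP SYN, -y) is dropped and logged
ipfwadm -I -a deny -o -P tcp -y -W $EXT_IF
# masquerade the RFC 1918 LAN behind the gateway's public address
ipfwadm -F -a m -S $INT_NET -D 0.0.0.0/0
EOF
}

# VNC gets no firewall rule at all: tunnel display :1 (TCP 5900+1) of the LAN
# host through the gateway's ssh, then point vncviewer at localhost:1.
# "admin" is an assumed account name on the gateway.
vnc_forward_cmd() {
    echo "ssh -L 5901:$VNC_HOST:5901 admin@$EXT_IP"
}

gen_ipfwadm_rules
echo "# VNC: $(vnc_forward_cmd)   then: vncviewer localhost:1"
```

Two things worth noticing in the output: the admin addresses are matched on the external interface only, so a packet on the LAN side carrying one of them as its source is not silently trusted, and the final `-y` deny with `-o` is what gives you the log of everyone else knocking, which is the logging the reply points at. Since ssh terminates on the gateway, the VNC tunnel needs none of the redir/ipportfw redirection that a service living on an RFC 1918 address would otherwise need.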
Current thread:
- Firewall question Carl Swanson (Jul 13)
- Re: Firewall question Carric Dooley (Jul 14)
- Re: Firewall question dreamwvr (Jul 14)