LINUX.IE, website of the Irish Linux Users' Group
[ILUG] IP Chains and general firewalling

Conor Daly conor.daly at oceanfree.net
Wed Jun 14 12:17:23 IST 2000


Paul Mc Auley wrote:
> 
> I'm trying to get my head around setting up a toy firewall using ipchains
> and I have a few questions... if I have a subnet 10.1.2.0/24 and I wish to
> put a box in front of a given subnet of those, but I still wish the
> firewalled hosts to appear to be distinct.
> 
> Does this take deep magic? One thought I had was to set up multiple aliases
> on the external interface and do port forwarding, but I'm not too sure...
> 

If I read you right, you want to firewall a section of a Class A private
network from another part of the same network?  That's easy!

Just physically separate the sections of the network and put your
firewall in as the router.  If you're remaining only within the private
network, the hosts will appear as before just with the firewall rules
affecting how they can be accessed.  

It's only if you need to connect to the Internet through the firewall
that you'll have to think about IP Masquerading but even here, your
hosts will appear as before on the local net and will be masqueraded
only on the Internet connection.

The usual reason I've seen for wanting a host behind a firewall to be
visible outside it is to run servers like http, ftp, telnet etc.  You
can route specific ports to the relevant machine(s) using port
forwarding but a specific port can be routed to *only one* machine.  All
the info is there in the Firewall-HOWTO, the IPChains-HOWTO and the
IP-Masq-HOWTO from the LDP at www.linuxdoc.org .  

It's generally considered safer to put public server machines on the
Internet side of a firewall and treat them as "dirty".  Of course, you
need public IP addresses for each server in that case.

That help at all?

-- 
Conor Daly

ph  +353 1 8326146
conor.daly at oceanfree.net
------------------------
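The reply's point that a forwarded port can go to only one machine, together with the question's idea of adding alias addresses on the external interface, as an added example that is not part of the original message. All addresses are constructed samples and the function names are hypothetical; the check treats a forwarding rule as keyed on (firewall address, protocol, port), so a second address gives a second server its own key.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample rules (not from the thread):
# (firewall address, protocol, port, internal host, internal port)
ONE_ADDRESS = [
    ("192.0.2.1", "tcp", 80, "10.1.2.10", 80),
    ("192.0.2.1", "tcp", 21, "10.1.2.11", 21),
    ("192.0.2.1", "TCP", 80, "10.1.2.12", 80),   # second web server, same port
]
# Same servers, with the second web server moved to an alias address.
WITH_ALIAS = ONE_ADDRESS[:2] + [("192.0.2.2", "tcp", 80, "10.1.2.12", 80)]


def _normalise(rule):
    fw_ip, proto, port, host, host_port = rule
    for p in (port, host_port):
        if not 0 < p < 65536:
            raise ValueError(f"port out of range in {rule!r}")
    # ip_address() rejects malformed addresses and canonicalises the text form.
    return (str(ip_address(fw_ip)), proto.lower(), port), (str(ip_address(host)), host_port)


def find_conflicts(rules):
    """Map each (address, protocol, port) claimed by more than one target to its targets."""
    targets = defaultdict(set)
    for rule in rules:
        key, target = _normalise(rule)
        targets[key].add(target)
    return {k: sorted(v) for k, v in targets.items() if len(v) > 1}


def exposed_hosts(rules):
    """List, per internal host, the (protocol, port) pairs reachable through the firewall."""
    exposure = defaultdict(set)
    for rule in rules:
        (_, proto, _), (host, host_port) = _normalise(rule)
        exposure[host].add((proto, host_port))
    return {h: sorted(p) for h, p in sorted(exposure.items())}


if __name__ == "__main__":
    print("one address :", find_conflicts(ONE_ADDRESS))
    print("with alias  :", find_conflicts(WITH_ALIAS))
    print("exposed     :", exposed_hosts(WITH_ALIAS))
```

The `exposed_hosts` listing is the part worth reviewing whenever a rule is added: it is the set of services on the protected side that the firewall deliberately lets through.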