Ok, I think we're starting to home in on an understanding. I understand the necessity to harden the firewall and the servers behind it, and this task is most definitely on the list. I am using the Debian potato 2.2 stock kernel, and thus ipchains. Constructing these rules is not a problem. I think I have a good understanding of the syntax, and have used scripts in the past to construct working models.

My main problem is with the availability of internet access behind the firewall. With all firewall rules disabled (input, output and forward all set to ACCEPT) I can't get a test box behind the firewall to see the firewall or any Ethernet signal on the network line. With the settings I have described, when I plug a line from the internal adapter of the firewall to the NIC of the Win2k test box, I expect to see the link light to come on, the network indicator in the system tray to show a connection, and to be able to ping the firewall from the test box, but I am not. As far as I can tell, there is no Ethernet signal coming from the firewall to service the internal network. This is my problem. Is there a setting I have forgotten, a service I should be running, a configuration I am missing?

I have a base potato install, have changed the ipforward flag in /etc/network/options, installed the second NIC in /etc/network/interfaces and reset the network. I have set the Win2k box TCP/IP settings with the firewall as the gateway and given it an IP in the firewall's range. I have flushed the firewall rules and made them all ACCEPT. I even put a whimsical penguin sticker on the side of the firewall but strangely with no effect! What am I missing?

I really appreciate this help,

-Tom

On 1/6/02 5:34 PM, "TOKI -- linux powa :)" <[EMAIL PROTECTED]> wrote:

> Ok, now I understand well.
> Ok, your network is very logical. I understand why you chose to take
> 10.0.x.y addresses.
>
> With Debian it should be easy to set up this kind of firewall.
> To my mind, because it's just between 2 networks, I would have recommended
> you OpenBSD. (because of the security of your lab too).
>
> Debian can be easily a strong firewall (mine is a Debian).
> It will let you the choice of 2.2 or 2.4 kernels (I don't recommend 2.5.1
> 'cause it is still in beta test)
>
> So with 2.2 you have ipchains, ipmasqadm, and with 2.4 iptables and NAT.
>
> However you will not have any difficulties to find a solution for your
> prob. You can find lots of scripts for walling your Debian on the net.
>
> Try sourceforge.net or freshmeat.net
>
> Be happy. Your firewall will be easy to set up.
> (But you have to secure it before doing anything else !!!)
> Like removing files or services that you don't need, making strongest
> rules for your wall, compiling your kernel statically etc...
> Tasks that you need to do !!!
> And of course it will not protect you if you don't protect your servers.
>
> A long task for a newbie but it pays well ;))
> You can be sure .. ;)
>
> On Sun, 2002-01-06 at 22:47, Thomas Cook wrote:
>> TOKI:
>>
>>
>> The use is that I don't really know what I'm doing. Well, not totally..

