Hello, apart from some masquerading stuff for my DSL router I'm really new to the firewall topic, but anyway I now have to configure some. The first and most complex one is for a server mainly hosting webpages and running some services to make webmasters' lives easier, like SSH and FTP. Additionally it runs a nameserver for the two domains it hosts and a mailserver used by some people as relay/smarthost.
The special thing about this server is that it has 4 different IPs on the devices eth0, eth0:0, eth0:1 and eth0:2, the first three in the same class C net, the fourth in another. This way I work around the two nameservers from different class C nets required by DENIC to set new nameserver entries for .de domains. My luck that my hosting center supports that *g*, so I use the first IP and the last one for nameserver and mail, and the other two for all the other stuff, mainly divided on a DNS basis. Now I'd like to set up a firewall that allows full access to the ports I configure (21, 22, 25, 53, 80, 143, 443, 993, ...) and denies access to all other ports by default, but supports allowing access to given ports based on DNS/IP authentication. I already searched the files in /usr/shared/doc/iptables/ and lurked for some firewall frontends/scripts, but didn't find the right thing. fiaif looked nice at first, but I didn't get the picture of how to configure it nicely, and it blocked too much by default configuration for me (for example my non-standard FTP ports). Maybe you can point me to the right docs or simply to the right firewall tools. Bye, Jonas
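An added example, not part of the original post and not fiaif's or any other tool's code: a plain POSIX sh iptables script that implements the layout asked for above, a default-deny INPUT chain, a list of publicly reachable ports, and a second list of ports that are only accepted from trusted source networks. The public port list is the one from the post; every address, the restricted port numbers and the trusted networks are constructed placeholders (RFC 5737 documentation ranges) that must be replaced. Two caveats built into the script: the alias "devices" eth0:0 to eth0:2 are not separate interfaces to netfilter, so per-address rules match on the destination address with -d rather than on -i; and iptables resolves a hostname given to -s only once, at rule load time, so source restrictions should be written as IP addresses or CIDR ranges rather than DNS names. With DRY_RUN=1 (the default) the script prints the rules instead of applying them, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the original post): iptables skeleton for one host
# with a single physical interface (eth0) carrying several alias addresses.
# All addresses, restricted ports and trusted nets below are constructed
# placeholders; replace them before use. DRY_RUN=1 prints rules, DRY_RUN=0 applies.

DRY_RUN="${DRY_RUN:-1}"
IPT="${IPT:-iptables}"

# Publicly reachable TCP services (port list from the post, minus 25 and 53,
# which are bound to the nameserver/mail addresses below).
PUBLIC_TCP_PORTS="21 22 80 143 443 993"

# Nameserver and mail run only on the first and last address (constructed values).
NS_MAIL_IPS="203.0.113.10 198.51.100.200"

# Ports reachable only from trusted source networks (constructed values).
# Use addresses/CIDRs: a hostname here is resolved once at load time, so it is
# not a live "DNS authentication" check.
RESTRICTED_TCP_PORTS="10021 3306"
TRUSTED_NETS="192.0.2.0/24 198.51.100.7"

emit() {
    # Print the command in dry-run mode, otherwise execute it.
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

build_rules() {
    # Clean INPUT and set default-deny; outbound stays open.
    emit -F INPUT
    emit -P INPUT DROP
    emit -P FORWARD DROP
    emit -P OUTPUT ACCEPT

    # Loopback and replies to connections the host opened itself.
    emit -A INPUT -i lo -j ACCEPT
    emit -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Public services, any source.
    for p in $PUBLIC_TCP_PORTS; do
        emit -A INPUT -p tcp --dport "$p" -j ACCEPT
    done

    # DNS (TCP+UDP) and SMTP only on the nameserver/mail addresses.
    # Aliases share eth0, so match the destination address, not the interface.
    for ip in $NS_MAIL_IPS; do
        emit -A INPUT -d "$ip" -p udp --dport 53 -j ACCEPT
        emit -A INPUT -d "$ip" -p tcp --dport 53 -j ACCEPT
        emit -A INPUT -d "$ip" -p tcp --dport 25 -j ACCEPT
    done

    # Restricted services: accepted only from trusted sources; everything else
    # falls through to the DROP policy.
    for p in $RESTRICTED_TCP_PORTS; do
        for net in $TRUSTED_NETS; do
            emit -A INPUT -p tcp -s "$net" --dport "$p" -j ACCEPT
        done
    done

    # Keep the host pingable for monitoring.
    emit -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # Rate-limited log of what is about to be dropped, so a forgotten
    # non-standard port shows up in syslog instead of failing silently.
    emit -A INPUT -m limit --limit 5/min -j LOG --log-prefix INPUT-DROP:
}

build_rules
```

Review the printed rules first (`DRY_RUN=1 sh fw.sh`), then apply with `DRY_RUN=0 sh fw.sh` as root, and keep a way to restore access (a console or a scheduled `iptables -P INPUT ACCEPT`) in case the SSH rule is wrong. Non-standard FTP ports belong in PUBLIC_TCP_PORTS or RESTRICTED_TCP_PORTS, and passive FTP additionally needs the ip_conntrack_ftp/nf_conntrack_ftp helper so the RELATED rule admits data connections.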

