I am looking for the best firewall configuration software for Mandrake
version 8.
The firewall that comes in the control panel is next to useless and the tech
support centre for Mandrake told me that they do not support Bastille.
What I am trying to do is this.
I have two locations, Office1 and Office2.
Both locations have a router that connects them to the internet and each has
32 IP addresses.
The router at each location connects directly to a system we call a SAN
(system access node), so we have SAN1 at Office1 and SAN2 at Office2.
Each SAN has three network cards (eth0, eth1, eth2), one for each ethernet
segment in the office.
eth0 connects to the router for the office and nothing else.
eth1 connects to the rest of the routable ip addresses and is a DMZ.
eth2 connects to the rest of the office workstations and uses a non-routable
ip block.
All traffic has to travel through the SAN in order to get to any other
ethernet segment.
The SAN acts as a NAT server for the non-routable IP addresses, and acts as an
intelligent firewall vs a simple filter for the DMZ machines.
The two SANs need to set up a secure VPN between them extending the
non-routable block across the two offices.
The setup is a little more complex than that, but, if I can set that up, I
can extrapolate the rest.
My problem is, I know that the firewalling and masquerading rules have
changed between the 2.2 and 2.4 kernels. I am getting conflicting
instructions from the different books and how-to's depending on what is
newer. I have also found that Mandrake makes some assumptions towards
security and configuration that conflict with some of the how-to's.
I need to know, where can I find the how-to's that support Mandrake 8.0 and
address my design needs?
Is there a configuration tool that supports the design I require?
Has anyone else had any experience in this?
Mandrake Tech support was useless, even with sitting on hold for 15 minutes
while the guy goes to ask someone else what NAT is.
Although I have always supported Mandrake and bought the Prosuite Edition, I
am now regretting having spent the money for support that the company does not
really provide.
best regards
Dalton
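
The eth0/eth1/eth2 layout described in the message above, written as a stateful ruleset for a 2.4 kernel (iptables with the nat table, rather than the 2.2 ipchains syntax). This is an added example, not part of the original message and not output of any Mandrake tool. The address blocks, the DMZ web host on port 80 and the SSH management rule are assumptions, and the VPN between the two SANs is not covered.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for one three-interface SAN.
# All addresses passed in are constructed samples, not values from the post.
gen_san_rules() {
    lan="$1"   # non-routable office block behind eth2
    dmz="$2"   # routable DMZ block behind eth1
    web="$3"   # hypothetical DMZ host that may receive inbound HTTP
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only the non-routable block is masqueraded, and only towards the router.
-A POSTROUTING -s $lan -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic to the SAN itself: loopback, replies, SSH from the office only.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth2 -s $lan -p tcp --dport 22 -j ACCEPT
# Anti-spoofing: office addresses must never arrive from the router side.
-A FORWARD -i eth0 -s $lan -j DROP
# Stateful forwarding: replies to connections that were allowed out.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Office workstations may open connections to the internet and the DMZ.
-A FORWARD -i eth2 -s $lan -o eth0 -j ACCEPT
-A FORWARD -i eth2 -s $lan -o eth1 -d $dmz -j ACCEPT
# DMZ hosts may reach the internet but not the office segment.
-A FORWARD -i eth1 -s $dmz -o eth0 -j ACCEPT
# Inbound from the internet: new connections to the published service only.
-A FORWARD -i eth0 -o eth1 -d $web -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset when called with three arguments, e.g.
#   sh san-rules.sh 192.168.10.0/24 203.0.113.40/29 203.0.113.42
if [ "$#" -eq 3 ]; then gen_san_rules "$@"; fi
```

The output can be reviewed and then piped to `iptables-restore` on the SAN; forwarding also needs `/proc/sys/net/ipv4/ip_forward` set to 1.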