First point of call, isn't the 2.2.14 kernel subject to some security issues and thus at least 2.2.19 being required?
Thanks,

Ron DuFresne

On Thu, 22 Nov 2001, Joseph "Dan" Waggoner wrote:

> Scenario
>
> Internet <--> Firewall <--> Internal Network
>
> What I would like to do (explain why later)
>
> Internet <--> Firewall <--> Internal Network <--> Internal Firewall <-->
> RISC/6000
>
> Have clients who probably need to go with the second option as the services
> which are running on the RISC/6000 are NOT what you would like running
> unchecked! (ftp, telnet, httpd, etc.). However, the clients cannot
> configure or touch the RISC/6000 because to do so would void their contract
> with the Service company and annual maintenance agreement. We have sent
> several letters over the last several years trying to get the companies
> (more than one, seen examples at several different clients) to strengthen
> the security of the clients' main processor (RISC/6000, HP9000, DEC ALPHA,
> and AS/400 for example). So we would like to limit the traffic from the
> internal network to ONLY those ports which are necessary, i.e. ports
> 300-325 (actually used by some software vendors ??)
>
> Problem is the RISC box may have an address of 192.168.1.200 and the rest
> of the network is populated with addresses from .1 to .235. So splitting the
> RISC off to its own subnet may not work.
>
> Here is what I would LIKE to do.
>
> Linux box, two NIC, ipchains (familiar with it). Set up the internal
> firewall to allow traffic from the rest of the network to the RISC box and
> log the rest of the connection attempts. I can set up the basic ipchains,
> but have a problem getting my home network to work.
>
> Dual homed host
> Laptop <--> Hub <--> NIC0 <--> NIC1 <--> Target System
>
> Thinking I need to set the dual homed host as a bridge, then install the firewall.
> Configured the Kernel 2.2.14 to allow for IP forwarding
>
> Question? Can this be done? And is Bridging the way to go? If not and it
> can be done, then how do I do it, or point me to the HOWTO.
>
> Thanks for the help
>
>
> Joseph "Dan" Waggoner, CISA
> Information System Security Auditor
> Texas Credit Union League
>
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.
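
The port restriction described in the quoted question, written out as an ipchains ruleset. This is an added example, not part of the original thread. It assumes a /24 mask, TCP-only services, and that packets between the two NICs traverse the `forward` chain; 192.168.1.200 and ports 300-325 are taken from the post.

```shell
#!/bin/sh
# Added example: forward-chain policy for the internal firewall in front of
# the RISC/6000. Address and port range come from the post; the /24 mask and
# TCP-only choice are assumptions.
RISC=192.168.1.200
LAN=192.168.1.0/24
PORTS=300:325

risc_rules() {
    # Start from an empty forward chain that drops by default.
    echo "ipchains -F forward"
    echo "ipchains -P forward DENY"
    # LAN clients may reach only the application ports on the RISC box.
    echo "ipchains -A forward -p tcp -s $LAN -d $RISC $PORTS -j ACCEPT"
    # Replies from those ports back to the LAN. '! -y' rejects SYN-only
    # packets, so the RISC box cannot open new connections this way.
    echo "ipchains -A forward -p tcp ! -y -s $RISC $PORTS -d $LAN -j ACCEPT"
    # Anything else aimed at the RISC box (ftp, telnet, httpd, ...) is
    # logged with -l and dropped; the chain policy alone would not log it.
    echo "ipchains -A forward -d $RISC -l -j DENY"
}

# Print the rules by default; apply them only when asked, as root, on the
# firewall host itself.
if [ "$1" = "--apply" ]; then
    risc_rules | sh -e
else
    risc_rules
fi
```

Run without arguments to review the generated commands before applying them; denied attempts logged by the last rule go to the kernel log.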
