----- Original Message -----
From: "Joseph "Dan" Waggoner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 22, 2001 6:34 PM
Subject: INTERNAL Linux Firewall??


>
> Problem is the RISC box may have an address of 192.168.1.200 and the rest
> of the network is populated with addresses from .1 to .235.  So splitting
> the RISC off to its own subnet may not work.
>
You mean there are other hosts over the .1 segment?

I think it is a better idea to move systems in the .1 network to other
segments. This way you don't need a bridge. The reason I don't like
bridging is that all things happen in lower layers, so that you can't
manipulate/filter it through the firewall.

> Here is what I would LIKE to do.
>
> Linux box, two NIC, ipchains (familiar with it).  Setup the internal
> firewall to allow traffic from the rest of the network to the RISC box and
> log the rest of the connection attempts.  I can setup the basic ipchains,
> but have a problem getting my home network to work.
>
>                          Dual homed host
> Laptop <--> Hub <--> NIC0 <--> NIC1 <--> Target System
>
> Thinking I need to set the dual homed host as a bridge, then install the
> firewall.
> Configured the Kernel 2.2.14 to allow for IP forwarding

Let's do it with 2.4.5 and use iptables instead of ipchains. Iptables has
state information in addition to ipchains, so that no connection can be
started from outside even if they play with headers to have the ACK bit
set, thus more secure.

>
> Question?  Can this be done?  And is Bridging the way to go?  If not and
> it can be done, then how do I do it, or point me to the HOWTO.
>

Regards,

Kerem ERSOY / Sibernet Ltd. Sti.

Genel Müdür / President
IBM Certified Specialist - Firewall
IBM Certified Specialist - AIX Sys. Admin.
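
Added example, not part of the original message and not written by either poster: a shell function that emits an iptables-restore ruleset for the routed (non-bridged) dual-homed layout discussed above, using connection state so a lone packet with ACK set is logged and dropped rather than forwarded. It assumes the target at 192.168.1.200 sits on its own routed segment behind the second NIC with IP forwarding enabled; the interface names eth0/eth1 and the ports 22 and 443 are constructed sample values.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a routed,
# dual-homed internal firewall. Interface names and ports are assumptions.

# gen_rules LAN_IF TARGET_IF TARGET_IP "PORT PORT ..."
gen_rules() {
    lan_if=$1; target_if=$2; target_ip=$3; ports=$4

    echo "*filter"
    # Default-deny: anything not explicitly accepted below is dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"

    # Packets that belong to a connection the firewall has already tracked.
    # A crafted packet with only ACK set matches no tracked connection,
    # so it does not match here and falls through to LOG and the DROP policy.
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # New connections may only be opened from the LAN side towards the
    # target, on the listed TCP ports, and must begin with a real SYN.
    for p in $ports; do
        echo "-A FORWARD -i $lan_if -o $target_if -d $target_ip -p tcp --dport $p --syn -m state --state NEW -j ACCEPT"
    done

    # Every other forwarded packet is logged, then dropped by policy.
    echo "-A FORWARD -j LOG --log-prefix \"FWD-DENY: \""

    # The firewall host itself: loopback and replies to its own traffic
    # only (management is assumed to happen from the console).
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -j LOG --log-prefix \"IN-DENY: \""
    echo "COMMIT"
}

# Constructed sample values: eth0 = LAN side, eth1 = target side.
gen_rules eth0 eth1 192.168.1.200 "22 443"
```

The printed ruleset can be reviewed and then loaded as root by piping it to iptables-restore.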
