Gonn Star wrote:
> I am new in the Linux world, basically I'm using Red Hat 9
> kernel 2.4.20-8. I need to build a trusted gateway. my

Whoa! You are starting out with something very old and bug-ridden. You
should scrap that and switch to a current release, whatever distro you
may choose.
Quite a few of those old bugs can bite very hard, including root
compromises. Being new, did you know how to update for security? Sure,
there's Fedora Legacy which may or may not be supporting the old stuff
with updates, but that is intended for people who have long-running
stable servers ... not to entice new users to RH 9.

> Linux box will be the gateway for several machine PCs
> to go to the desired server. There will be several
> subnets under the Linux box, I've already assigned
> static IPs for the PCs. Now my problem is I only need
> 2 PCs from each subnet to connect to certain servers,
> and those 2 PCs can only have transaction (open) to the
> specified servers, for others it will
> drop (firewalled). For other PCs, they can't log on to
> the outside world. Should I use only iptables rules or
> with the help of squid (ACL) as well?

You do not seem to understand that HTTP is just one of many TCP/IP
protocols, and yet you want to set up complex networking controls.
Anyone who knows more than you do would likely find it a trivial task to
get around your controls.

> Please add up the commands as well. Thanks.

Specific questions which show that you have tried will tend to be
better-received than generalised requests for spoonfeeding. I do things
like this for a living, and I do not have time to earn your living as well.
You mention "production" which implies that this is needed in a business
setting. If so it's probably worth it to the business owners to pay for
expertise. You can't learn everything you need to know, overnight.
For you, I would recommend starting with the basics. There are good
HOWTOs at netfilter.org which might help.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
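
The policy described in the question (forwarding denied by default, two named PCs per subnet allowed to reach named servers), as an added example that is not part of the original thread: a script that generates an iptables-restore ruleset for it. All addresses are constructed placeholders, and the helper names `is_ipv4` and `gen_ruleset` are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a default-deny gateway.
# One "client server" pair per line; every address here is a constructed placeholder.
ALLOWED_PAIRS='10.0.1.10 192.0.2.20
10.0.1.11 192.0.2.20
10.0.2.10 198.51.100.30
10.0.2.11 198.51.100.30'

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_ruleset PAIRS: print the ruleset, or print nothing and fail on bad input.
gen_ruleset() {
    pairs=$1
    # Validate everything first so a typo never yields a partial ruleset.
    while read -r client server; do
        [ -n "$client" ] || continue
        is_ipv4 "$client" && is_ipv4 "$server" || { echo "invalid pair: $client $server" >&2; return 1; }
    done <<EOF
$pairs
EOF
    # Only forwarded traffic is covered; INPUT/OUTPUT hardening of the gateway is out of scope.
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    while read -r client server; do
        [ -n "$client" ] || continue
        printf '%s\n' "-A FORWARD -s $client/32 -d $server/32 -m conntrack --ctstate NEW -j ACCEPT"
    done <<EOF
$pairs
EOF
    # Everything else falls through to the DROP policy; log a sample of it first.
    printf '%s\n' '-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fwd-drop: "' 'COMMIT'
}

# Prints the ruleset; pipe it to "iptables-restore --test" to check it before loading.
gen_ruleset "$ALLOWED_PAIRS"
```

Because the filter acts on forwarded packets of every protocol, it does not depend on a proxy such as squid. The rules match on source IP alone, so they are only as strong as the control over address assignment on each subnet.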