Dear subscribers,
I'm trying to configure a firewall using Linux RH 5.2 with a 2.2.9 kernel.
So far I've mostly done a lot of experimenting, configuring the Linux box as a
router etc, with moderate success.
My goal is to set up a network with the structure described below and the
reason for writing this mail is to get a confirmation whether or not this is
doable with the existing utilities such as ipchains, iproute2 etc.
The desirable network structure:

Internet side         FW        LAN
                       |
163.12.13.120 ---------|------- 10.0.0.60  WWW-server
                       |
163.12.13.119 ---------|------- 10.0.0.59  SMTP-server, DNS-server
                       |
163.12.13.118 ---------|------- 10.0.0.58  WWW-server 2, FTP-server
                       |
163.12.13.100 ---------|------- 10.0.0.*** All LAN client machines
                       |

In the above scheme there are three servers inside the firewall, with fixed
class A addresses. These servers have corresponding fixed external IP
addresses. I want computers on the Internet to be able to access the
servers, i.e. the FW is using NAT to translate the traffic.
In the LAN there also are a number of client machines, which get their ip
addresses from a dhcp server. I want the traffic from all the client
machines to be masqueraded through the ip address 163.12.13.100. I also
would like to be able to restrict the lan clients to only be able to perform
http traffic.
The traffic on the server addresses I would like to be able to restrict to
the ports necessary for the respective server.
I'm aware that the ftp server can cause some problems due to the
peculiarities of the ftp protocol, but it's not an absolute requirement to
have an ftp server.
I'm pretty sure what I want, but I'm not sure how to do it. The ideal response
to this mail is a step-by-step list of what to do and an explanation of each
step.
Hoping for help.
Kind regards, Ola Theander