Hi Charles,
Thanks for your answer. I have read the ipchains howto, but it doesn't
answer all my questions. The ipchains howto describes how I can set up my
rules to restrict the traffic, but I have two problems I have to solve
before that.
1) I haven't managed to get NAT working using iproute2.
2) Is it possible to NAT the server addresses and masquerade all other
addresses? How do I configure this?
When those issues are solved, then it's time to restrict the traffic using
ipchains.
/Ola
> -----Original Message-----
> From: Charles [mailto:[EMAIL PROTECTED]]
> Sent: den 31 maj 1999 12:37
> To: Ola Theander
> Cc: [EMAIL PROTECTED]
> Subject: Re: Is this firewall config possible using Linux kernel 2.2.x?
>
>
> Read the ipchains howto
> On Sun, 30 May 1999, Ola Theander wrote:
>
> > Dear subscribers,
> >
> > I'm trying to configure a firewall using Linux RH 5.2 with a 2.2.9 kernel.
> > So far I've mostly done a lot of experimenting, configuring the Linux box
> > as a router etc., with moderate success.
> > My goal is to set up a network with the structure described below, and the
> > reason for writing this mail is to get a confirmation whether or not this is
> > doable with the existing utilities such as ipchains, iproute2 etc.
> >
> > The desirable network structure:
> >
> > Internet side          FW       LAN
> >                        |
> > 163.12.13.120 ---------|------- 10.0.0.60  WWW-server
> >                        |
> > 163.12.13.119 ---------|------- 10.0.0.59  SMTP-server, DNS-server
> >                        |
> > 163.12.13.118 ---------|------- 10.0.0.58  WWW-server 2, FTP-server
> >                        |
> > 163.12.13.100 ---------|------- 10.0.0.*** All LAN client machines
> >                        |
> >
> > In the above scheme there are three servers inside the firewall, with fixed
> > class A addresses. These servers have corresponding fixed external ip
> > addresses. I want computers on the Internet to be able to access the
> > servers, i.e. the FW is using NAT to translate the traffic.
> > In the LAN there are also a number of client machines, which get their ip
> > addresses from a dhcp server. I want the traffic from all the client
> > machines to be masqueraded through the ip address 163.12.13.100. I also
> > would like to be able to restrict the lan clients to only be able to perform
> > http traffic.
> >
> > The traffic on the server addresses I would like to be able to restrict to
> > the ports necessary for respective server.
> >
> > I'm aware that the ftp server can cause some problems due to the
> > peculiarities of the ftp protocol, but it's not an absolute requirement to
> > have an ftp server.
> >
> > I'm pretty sure what I want, but I'm not sure how to do it. The ideal response
> > to this mail is a step-by-step list of what to do and an explanation of each
> > step.
> >
> > Hoping for help.
> >
> > Kind regards, Ola Theander
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-net" in
> > the body of a message to [EMAIL PROTECTED]
> >