Re: Is this firewall config possible using Linux kernel 2.2.x?

Mon, 31 May 1999 07:11:23 -0700 

Read the ipchains howto
On Sun, 30 May 1999, Ola Theander wrote:

> Dear subscribers,
> 
> I'm trying to configure a firewall using Linux RH 5.2 with a 2.2.9 kernel.
> So far I've mostly done a lot of experimenting, configure the Linux box as a
> router etc, with moderate success.
> My goal is to setup a network with the structure described below and the
> reason for writing this mail is to get a confirmation whether or not this is
> doable with the existing utilities such as ipchains, iproute2 etc.
> 
> The desirable network structure:
> 
> Internet side          FW                     LAN
>                         |
> 163.12.13.120  ---------|------- 10.0.0.60    WWW -server
>                         |
> 163.12.13.119  ---------|------- 10.0.0.59    SMTP -server, DNS-server
>                         |
> 163.12.13.118  ---------|------- 10.0.0.58    WWW -server 2, FTP -server
>                         |
> 163.12.13.100  ---------|------- 10.0.0.***   All LAN client machines
>                         |
> 
> In the above scheme there are three servers inside the firewall, with fixed
> class A addresses. These servers have a corresponding fixed external ip
> addresses. I want computers on the Internet to be able to access the
> servers, i.e. the FW is using NAT to translate the traffic.
> In the LAN there also are a number of client machines, which get their ip
> addresses from a dhcp server. I want the traffic from all the client
> machines to be masqueraded through the ip address 163.12.13.100. I also
> would like to be able to restrict the lan clients to only be able to perform
> http traffic.
> 
> The traffic on the server addresses I would like to be able to restrict to
> the ports necessary for respective server.
> 
> I'm aware that the ftp server can cause some problems due to the
> peculiarities of the ftp protocol, but it's not an absolute requirement to
> have an ftp server.
> 
> I'm pretty sure what I want, but I not sure how to do it. The ideal response
> to this mail is a step-by-step list of what to do and an explanation of each
> step.
> 
> Hoping for help.
> 
> Kind regards, Ola Theander
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
> 



-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]

Reply via email to