Hi all,
I am trying to implement a web project as shown below.
The Linux box A is running SuSE 6.4 (kernel 2.2.14) with
ipchaining/ipmasquerading set up.
A does not have 2 ethernet cards, but I am using
IP alias (as eth0 and eth0:0).
In both cases, I and II, I want to enable IPPORTFW, to enable
specific packets from the web
server to be allowed to the LDAP, application and database server.
I would be grateful for any suggestions/advice/comments.
Case 1: would be the normal scenario, involving a webserver,
a database, an LDAP server, and an app. server (for servlet/JSP),
considering security as well as web clustering, etc.
case 1:
                 firewall
                    |
                    |
      internet      |      LAN
                    |
                    |      |--------|
        |-------|   |      |  WEB   |
    ____| linux |---|------|   B    |--------------------------------
        |   A   |   |      |--------|     |           |           |
        |-------|   |       port 80       |           |           |
     202.54.18.55/  |                   C |         D |         E |
     192.168.1.1    |     192.168.1.2 |-------|   |-------|   |-------|
                                      | Applic|   | LDAP  |   | Datab |
                                      | ation |   |       |   | ase   |
                                      | Server|   |       |   | Server|
                                      |-------|   |-------|   |-------|
                                      port 9000   port 3000   port 1521
                                     192.168.1.3 192.168.1.4 192.168.1.5
Case II: however, in certain cases, with a webserver already in
place, and the other components (LDAP, database, etc.) being added
later on, this is the scenario.
case 2:
                                  firewall
                                     |
                                     |
                 internet            |      LAN
                                     |
                                     |
    |--------|          |-------|    |
    |  WEB   |__________| linux |----|------------------------------
    |   B    |          |   A   |    |     |           |           |
    |--------|          |-------|    |     |           |           |
     port 80                         |     |           |           |
                     202.54.18.55/   |   C |         D |         E |
                     192.168.1.1     |  |-------|   |-------|   |-------|
                     202.54.18.56    |  | Applic|   | LDAP  |   | Datab |
                                        | ation |   |       |   | ase   |
                                        | Server|   |       |   | Server|
                                        |-------|   |-------|   |-------|
                                        port 9000   port 3000   port 1521
                                       192.168.1.3 192.168.1.4 192.168.1.5
So,
for case I, will this work ($extip is defined for all ext IPs):
# ipmasqadm portfw -f
# ipmasqadm portfw -a -P tcp -L $extip 80 -R 192.168.1.2 80
and,
for case II, will this work ($extip is defined for all ext IPs):
# ipmasqadm portfw -f
# ipmasqadm portfw -a -P tcp -L 202.54.18.56 9000 -R 192.168.1.3 9000
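
Added example, not part of the original post: a dry-run generator for the Case II forwards that goes beyond the single port-9000 rule above by covering all three backends in the diagram and pairing each forward with ipchains input rules that admit only the web server's address. The names `gen_rules`, `valid_port`, `in_lan` and `BACKENDS` are hypothetical, and the web server's source address is an operator-supplied argument because the post does not state it unambiguously.

```shell
#!/bin/sh
# Added example, not from the original post. Prints commands only (dry run).
EXT_IP="202.54.18.56"   # -L address from the post's Case II command
# Backend table taken from the diagram: name, internal IP, port.
BACKENDS="app 192.168.1.3 9000
ldap 192.168.1.4 3000
db 192.168.1.5 1521"

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

in_lan() {   # forward only to hosts on the 192.168.1.x LAN from the diagram
    case "$1" in 192.168.1.*) return 0 ;; *) return 1 ;; esac
}

# gen_rules WEB_IP: WEB_IP is the web server's source address (assumption:
# supplied by the operator; the post does not state it unambiguously).
gen_rules() {
    web_ip="$1"
    [ -n "$web_ip" ] || { echo "usage: gen_rules WEB_IP" >&2; return 2; }
    echo "ipmasqadm portfw -f"
    while read -r name ip port; do
        [ -n "$name" ] || continue
        valid_port "$port" || { echo "$name: bad port '$port'" >&2; return 1; }
        in_lan "$ip" || { echo "$name: $ip is outside the LAN" >&2; return 1; }
        # Only the web server may reach the forwarded port; all others are denied.
        echo "ipchains -A input -p tcp -s $web_ip -d $EXT_IP $port -j ACCEPT"
        echo "ipchains -A input -p tcp -d $EXT_IP $port -j DENY"
        echo "ipmasqadm portfw -a -P tcp -L $EXT_IP $port -R $ip $port"
    done <<EOF
$BACKENDS
EOF
}

# Review the printed commands before running them as root on box A.
if [ -n "$1" ]; then gen_rules "$1"; fi
```

Without the ipchains input rules, a port forward on the external address is reachable from any source, not only from the web server.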