Dear subscribers,
I've recently started to evaluate the Redhat Linux 5.2 distribution to
serve as a firewall. I want to have several servers behind the
firewall to be accessible from the Internet.
Each server will have two IP-addresses, one "public" that computers on
the Internet use to access the server and the actual IP-address which
is the address on the internal network. I try to describe it with the
picture below.
Internet addresses                           Internal addresses
196.13.12.105 -----------| <-> |-------- 10.0.0.5  web server 1
196.13.12.106 -----------| <-> |-------- 10.0.0.6  web server 2
196.13.12.107 -----------| <-> |-------- 10.0.0.7  ftp server
196.13.12.108 -----------| <-> |-------- 10.0.0.8  smtp server
                         |__ __|
External NIC 196.13.12.110 | | 10.0.0.10 IP-address of internal NIC
                      -- Firewall --
In the picture you see the servers with their internal address and
their corresponding external addresses. What I want to do is to
provide a channel to the servers for requests on specific ports e.g.
for "web server 1" I want all requests on port 80 to be served and
denied on the other ports. In other words, if there is a request from
the Internet on address 196.13.12.105, port 80, the request should be
forwarded to the address 10.0.0.5, port 80. The response from the web
server should then be routed back. I provide an example of a request
below.
|Internet User| ----- (1) Src addr 123.12.12.14:62110, Dest addr 196.13.12.105:80 -----> |Firewall|
|Firewall| ---------- (2) Src addr 10.0.0.10:61123, Dest addr 10.0.0.5:80 ---------------> |web server 1|
|web server 1| ------ (3) Src addr 10.0.0.5:80, Dest addr 10.0.0.10:61123 ---------------> |Firewall|
|Firewall| ---------- (4) Src addr 196.13.12.105:80, Dest addr 123.12.12.14:62110 -------> |Internet User|
The procedure above is, in chronological order:
(1) A user on the Internet sends a request to 196.13.12.105:80, which
is intercepted by the firewall.
(2) The firewall examines the packet, finds that it's an allowed
request and forwards the packet to the internal net with the source
address changed to the firewall's internal NIC and the destination to
the address of the web server, port 80.
(3) The web server processes the request and sends the answer back to
the internal NIC of the firewall.
(4) The firewall knows that the incoming packet on port 61123 should
be forwarded to address 123.12.12.14:62110 on the external NIC, with
the destination address and port at stage 1 as the source address.
My question is, is it possible to achieve what's described above with
the modules shipped with the Redhat 5.2 distribution? If I need any
additional modules, where can I get them? If I can't achieve it with
Redhat, can I do it with another distribution?
Kind regards, Ola Theander
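The four-step exchange described in the post, modelled as an added Python example (not code from the post or from the Linux masquerading modules): a minimal stateful port-forwarding table that performs the rewrites at steps (2) and (4), drops requests to public ports that have no forwarding rule, and drops replies that do not come from the server a session was created for. The class and function names, and the starting firewall-side port 61123 (chosen to match the post), are assumptions of this example.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Packet:
    """Constructed 4-tuple view of a packet; TCP flags and payload are omitted."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PortForwardNat:
    """Per-connection translation state kept by the firewall.

    forward_rules maps (public_ip, public_port) -> (internal_ip, internal_port).
    Only packets that match a rule are forwarded; all other inbound packets
    are dropped, which gives "port 80 served, other ports denied".
    """

    def __init__(self, internal_nic, forward_rules, first_port=61123):
        self.internal_nic = internal_nic
        self.rules = dict(forward_rules)
        self.ports = count(first_port)  # assumption: sequential firewall-side ports
        self.sessions = {}  # firewall-side port -> (client, public addr, server)

    def inbound_request(self, pkt):
        """Step (1) -> (2): src becomes the internal NIC, dst becomes the server."""
        target = self.rules.get((pkt.dst_ip, pkt.dst_port))
        if target is None:
            return None  # no forwarding rule for this public address:port, drop
        nat_port = next(self.ports)
        client = (pkt.src_ip, pkt.src_port)
        public = (pkt.dst_ip, pkt.dst_port)
        self.sessions[nat_port] = (client, public, target)
        return Packet(self.internal_nic, nat_port, target[0], target[1])

    def outbound_reply(self, pkt):
        """Step (3) -> (4): find the session by firewall-side port, undo both rewrites."""
        if pkt.dst_ip != self.internal_nic:
            return None
        session = self.sessions.get(pkt.dst_port)
        if session is None:
            return None  # reply for a session the firewall never created, drop
        client, public, server = session
        if (pkt.src_ip, pkt.src_port) != server:
            return None  # reply from a different internal host than expected, drop
        return Packet(public[0], public[1], client[0], client[1])
```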
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]