Jun Tanamal said:
>
> Winelfred G. Pasamba wrote:
>
>> i guess your question is:
>> how to have a firewall relay only specific packets to a NAT machine,
>> which will redirect/NAT specific connections to other specific machines?
> this might be too complicated for me
>> why not have the firewall and NAT in one machine?
>> that might be simpler, unless your traffic is very heavy.
>
> Actually, that's the current configuration now- all-in-one
> (NAT,firewall,http,postfix,DNS,DHCP,SMB,etc) *poor security*
>
> I need help on how to migrate it or configure on a separate machine for
> the firewall and NAT with less *downtime*.
> I want to insert a firewall/NAT machine in front of our local network
> and bandwidth control later.
>
> I'm confused. Do I need to add routes to the routing table? or is it
> sufficient for the firewall/NAT to do the routing?

do you have public-IPs other than your all-in-one machine? if none then no need for routing. but it also works if you have some.

> Can "ping" work without a DNS? (I tried to setup a test machine without
> a DNS server but with static IP specified only)

yes, with "ping IP-address"

>
> TIA,
> -Jun
>

if i were you i'd do a simple setup. i'd put a firewall/NAT machine with an external and internal interface. all the services provided to the internet i'll NAT to other internal servers. unless the people inside need public ips it could be that simple.

if you need (or even if you don't need) help i'd be glad to visit your setup some time. :) so i have an excuse to slip away sometimes when there's nothing to do hehe

--
"There is no security in life, just opportunities."
Douglas McArthur
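
The simple setup suggested in the reply above (one firewall/NAT machine with an external and an internal interface, published services NATed to internal servers), sketched as an added example that is not part of the original thread. The interface names, the private range, the three internal servers and the SSH-from-inside admin rule are all assumptions; the script only prints an iptables-restore ruleset and applies nothing.

```shell
#!/bin/sh
# Added example: interface names, addresses, ports and the SSH admin rule are assumed placeholders.
EXT_IF=eth0              # assumed: interface facing the internet
INT_IF=eth1              # assumed: interface facing the local network
INT_NET=192.168.1.0/24   # assumed: private range used inside

# Published services, one per line: proto public-port internal-host internal-port
SERVICES='tcp 80 192.168.1.10 80
tcp 25 192.168.1.11 25
udp 53 192.168.1.12 53'

# Rewrite the destination of traffic arriving on the public side.
dnat_rule() { echo "-A PREROUTING -i $EXT_IF -p $1 --dport $2 -j DNAT --to-destination $3:$4"; }
# Let exactly that traffic (destination already rewritten) through the forward chain.
fwd_rule() { echo "-A FORWARD -i $EXT_IF -o $INT_IF -p $1 -d $3 --dport $4 -m conntrack --ctstate NEW -j ACCEPT"; }

# Call function $1 once per non-empty line of SERVICES.
each_service() {
    echo "$SERVICES" | while read -r proto port host hport; do
        if [ -n "$proto" ]; then "$1" "$proto" "$port" "$host" "$hport"; fi
    done
}

# Print the whole ruleset: default-drop filtering, DNAT inbound, masquerade outbound.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
$(each_service dnat_rule)
-A POSTROUTING -s $INT_NET -o $EXT_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT
$(each_service fwd_rule)
COMMIT
EOF
}

gen_rules
```

Piping the output to `iptables-restore --test` parses it without committing anything; the kernel also needs `net.ipv4.ip_forward=1` before it forwards packets between the two interfaces.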
