help with designing & implementing linux firewall

Post by Hung Ngoc La » Fri, 01 Sep 2000 13:18:44



Hello Everyone,

After a few weeks of reading and trial & error, I have been able to implement IP chains
and IP masq to run on my linux box (RedHat version 6.1 with kernel 2.2.16).  Now my
local network can access the Internet with no problem.  Now I would like to take it to
another level.  Any suggestions from anyone are greatly appreciated.

I would like to implement a two-firewall configuration.  The first linux firewall is directly
connected to the Internet.  This firewall has two interfaces.  The external interface IP
address is 199.0.216.222.  The internal interface has an IP address of 192.168.1.1
(private address range or RFC1918).  This internal interface is connected to a
network which consists of web server, ftp server and mail server.  I call the
192.168.1.0 network the DMZ network.  Furthermore, I call the first firewall "choke".

The second linux firewall also has two interfaces.  The external interface is connected
to the 192.168.1.0 network.  The internal interface is connected to the 172.16.1.0
network which is a private corporation that has about 100 nodes on this network.
Behind the second firewall are various Microsoft Windows and Linux
machines running various applications.

I would like to accomplish the following objectives:

1) Allow users from 172.16.1.0/24 network to access the Internet with applications
such as http, ftp, telnet and smtp,

2) Protect the private network.  However, I would like users on the Internet to access
some linux machine in the 172.16.1.0 network with applications such as SSH,

3) Internet users should be able to access both the FTP and WWW servers which
are sitting behind the first firewall.

My question is this:  Can this be done with just one valid IP address?  Is it possible
for the network behind the first firewall to be in private IP address range (RFC1918)?
What exactly do I need to do on both firewalls?  

Before you start telling me to read books and figure it out, I would like to say that I have
spent a lot of time at Borders and Barnes & Noble to research on this implementation.
They only provide me with piecemeal solutions... I need someone who can give
me a general idea with this implementation to jump start my research (again)... Please
provide me what I have to do.... I need help guys..... Please help me....

Thanks.
David

 
 
 

Post by Black Drag » Sat, 02 Sep 2000 00:03:11


On 31 Aug 2000 04:18:44 GMT in comp.os.linux.setup,

>Hello Everyone,

>After a few weeks of reading and trial & error, I have been able to implement IP chains
>and IP masq to run on my linux box (RedHat version 6.1 with kernel 2.2.16).  Now my
>local network can access the Internet with no problem.  Now I would like to take it to
>another level.  Any suggestions from anyone are greatly appreciated.

>I would like to implement a two-firewall configuration.  The first linux firewall is directly
>connected to the Internet.  This firewall has two interfaces.  The external interface IP
>address is 199.0.216.222.  The internal interface has an IP address of 192.168.1.1
>(private address range or RFC1918).  This internal interface is connected to a
>network which consists of web server, ftp server and mail server.  I call the
>192.168.1.0 network the DMZ network.  Furthermore, I call the first firewall "choke".

>The second linux firewall also has two interfaces.  The external interface is connected
>to the 192.168.1.0 network.  The internal interface is connected to the 172.16.1.0
>network which is a private corporation that has about 100 nodes on this network.
>Behind the second firewall are various Microsoft Windows and Linux
>machines running various applications.

>I would like to accomplish the following objectives:

>1) Allow users from 172.16.1.0/24 network to access the Internet with applications
>such as http, ftp, telnet and smtp,

>2) Protect the private network.  However, I would like users on the Internet to access
>some linux machine in the 172.16.1.0 network with applications such as SSH,

>3) Internet users should be able to access both the FTP and WWW servers which
>are sitting behind the first firewall.

>My question is this:  Can this be done with just one valid IP address?  Is it possible
>for the network behind the first firewall to be in private IP address range (RFC1918)?
>What exactly do I need to do on both firewalls?  

>Before you start telling me to read books and figure it out, I would like to say that I have
>spent a lot of time at Borders and Barnes & Noble to research on this implementation.
>They only provide me with piecemeal solutions... I need someone who can give
>me a general idea with this implementation to jump start my research (again)... Please
>provide me what I have to do.... I need help guys..... Please help me....

>Thanks.
>David


Do a [ http://www.google.com ] search for `firewall + linux', and you will find
lots of examples, information, and usable firewall scripts. Here is a URL to an
example firewall script on Red Hat's site, for a quick preview:

http://www.redhat.com/support/docs/tips/firewall/firewallservice.html

--
Black Dragon

"Resist militant `normality' -- A mind is a terrible thing to erase."
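
One way the layout in the question could be written down for ipchains and ipmasqadm on a 2.2 kernel, as an added example that is not part of either post: the single public address is shared by masquerading outbound traffic and forwarding inbound ports. The interface name and every host address other than 199.0.216.222 and the two network ranges are assumed placeholders.

```shell
#!/bin/sh
# Added example: dry-run rule generator for the two-firewall layout in the post.
# From the post: 199.0.216.222, 192.168.1.0/24 (DMZ), 172.16.1.0/24 (inside).
# Everything marked "assumed" is a constructed placeholder.
EXT_IP=199.0.216.222; DMZ_NET=192.168.1.0/24; LAN_NET=172.16.1.0/24
EXT_IF=eth0                # assumed: outward-facing interface on each box
WWW=192.168.1.10           # assumed DMZ web server
FTP=192.168.1.11           # assumed DMZ ftp server
INNER_DMZ_IP=192.168.1.2   # assumed: second firewall's address in the DMZ
SSH_HOST=172.16.1.50       # assumed: the inside machine reachable by SSH

# Print each command; APPLY=1 on the firewall itself executes it instead.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

choke_rules() {            # first firewall, owns the single public address
    run ipchains -P forward DENY
    # Outbound: DMZ hosts (and the already-masqueraded inside net) leave
    # with the public address as their source.
    run ipchains -A forward -s "$DMZ_NET" -i "$EXT_IF" -j MASQ
    # Inbound: one public address, so services are told apart by port.
    # Port 21 is the FTP control channel only; data connections need more.
    for spec in "80 $WWW" "21 $FTP" "22 $INNER_DMZ_IP"; do
        set -- $spec
        run ipmasqadm portfw -a -P tcp -L "$EXT_IP" "$1" -R "$2" "$1"
    done
}

inner_rules() {            # second firewall, between DMZ and 172.16.1.0/24
    run ipchains -P forward DENY
    for port in 80 21 23 25; do      # http, ftp, telnet, smtp (objective 1)
        run ipchains -A forward -p tcp -s "$LAN_NET" -d 0.0.0.0/0 "$port" \
            -i "$EXT_IF" -j MASQ
    done
    # DNS lookups: assumed to be needed, not listed in the post.
    run ipchains -A forward -p udp -s "$LAN_NET" -d 0.0.0.0/0 53 \
        -i "$EXT_IF" -j MASQ
    # Objective 2: SSH relayed from the choke box to one inside host, plus
    # a rule so that host's replies (never a new SYN) are rewritten back.
    run ipmasqadm portfw -a -P tcp -L "$INNER_DMZ_IP" 22 -R "$SSH_HOST" 22
    run ipchains -A forward -p tcp ! -y -s "$SSH_HOST" 22 -i "$EXT_IF" -j MASQ
}

case "${1:-}" in
    choke) choke_rules ;;
    inner) inner_rules ;;
    *) APPLY=0; echo "# choke"; choke_rules; echo "# inner"; inner_rules ;;
esac
```

`ipmasqadm portfw` depends on port-forwarding support being built into the 2.2 kernel, and filtering of traffic addressed to the firewalls themselves (the input and output chains) is left out here.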

 
 
 
