firewall on a virtual web server with multiple IPs


Post by CODETE » Sun, 09 Feb 2003 06:20:30



        Hi. What I did, to make things easier, was: install RedHat with
the packet filter (or firewall options), then I made a private network
(let's say a 10.0.0.0/255.255.255.252) between the firewall and the router
(I don't know if this is your case). Put your router as default gateway for
your firewall, put your firewall as default router for your web server.

      Now what you must consider is that it does not matter how many IPs you
will have inside; the most delicate part is which tcp or udp ports you will
allow people to see from outside. For example, web servers and ssl-enabled
web servers work at ports 80 and 443, dns at port 53 (udp). So you can
(initially) open these ports for your whole net. You must install a dns
cache for your machines. The firewall rules will look like:

     Outside                       |             Inside
---------------------------------------------------------------------------
  any ip: any port            --------------->  any ip: port 80 (tcp)
  any ip: any port            --------------->  any ip: port 443 (tcp)
  any ip: any port            --------------->  your dns server ip: port 53 (udp)
  any ip: port 53 (udp/tcp)   <---------------  your dns cache: any port (tcp/udp)
                     block anything else

      You must search for something like "ip tables tutorial" on google.com.
It will be difficult at first try, of course.


Quote:
> Hi all,

>     I have a virtual web server with aliased IPs on it and I am looking for
> a way to protect it.  I was thinking about using port forwarding but I have
> no clue as how to handle it. The problem is this: usually you just route 1
> external IP to many internal IPs.  But how would I route multiple
> external IPs to multiple internal IPs and still be able to filter?  I have
> been reading for days but I am confused.

> Some requirements I have:
>     1.  must have multiple IPs for web server because I am implementing SSL
>     2.  will most likely add more virtual sites on the server
>     3.  want to put dns server behind firewall if possible
>     4.  will add virtual ftp server on the virtual web server machine.

> I would appreciate some guidance in this matter.

> Thanks,
> Oz
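
The rule table from the reply above, written out as iptables commands for the FORWARD chain of the routed firewall. This is an added example, not part of the original posts: the interface names and the 192.0.2.x addresses are constructed placeholders, and the ESTABLISHED,RELATED rule for return traffic is an assumption the table leaves implicit.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables commands for the table above.
# Interface names and addresses are constructed placeholders, not from the post.
WAN_IF=eth0               # side facing the router (assumed name)
LAN_IF=eth1               # side facing the web/DNS machines (assumed name)
INSIDE_NET=192.0.2.0/24   # routed block holding every aliased web IP (constructed)
DNS_SERVER=192.0.2.53     # "your dns server ip" (constructed)
DNS_CACHE=192.0.2.54      # "your dns cache" (constructed)

fw_rules() {
    # "block anything else": nothing is forwarded unless a rule below accepts it.
    echo "iptables -P FORWARD DROP"
    # Start from an empty FORWARD chain so old rules cannot widen the policy.
    echo "iptables -F FORWARD"
    # Replies to accepted connections (assumption: stateful matching is used;
    # the table in the post does not spell out return traffic).
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # any ip:any port -> any inside ip:80/tcp and 443/tcp. Matching the whole
    # block means a new aliased IP or SSL site needs no new rule.
    for port in 80 443; do
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $INSIDE_NET -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # any ip:any port -> the dns server only, 53/udp.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $DNS_SERVER -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    # dns cache:any port -> any ip:53 over udp and tcp.
    for proto in udp tcp; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $DNS_CACHE -p $proto --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    done
}

fw_rules
```

Review the printed commands first; piping them to sh as root on the firewall applies them.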

 
 
 

1. firewall on a virtual web server with multiple IPs

Hi all,

    I have a virtual web server with aliased IPs on it and I am looking for
a way to protect it.  I was thinking about using port forwarding but I have
no clue as how to handle it. The problem is this: usually you just route 1
external IP to many internal IPs.  But how would I route multiple
external IPs to multiple internal IPs and still be able to filter?  I have
been reading for days but I am confused.

Some requirements I have:
    1.  must have multiple IPs for web server because I am implementing SSL
    2.  will most likely add more virtual sites on the server
    3.  want to put dns server behind firewall if possible
    4.  will add virtual ftp server on the virtual web server machine.

I would appreciate some guidance in this matter.

Thanks,
Oz

2. crontab permissions

3. Multiple IPs on eth0 for Virtual Web Server

4. Newbie:Cd music

5. ?Multiple domains with multiple IPs on HPUX 9.05 and Netscape Comm Server?

6. dropped RX packets..how do I troubleshoot?

7. Virtual Hosting With Mutliple Web Server behind Linux Firewall

8. How to deal with different server names ?

9. Firewall for multiple web servers + ipchains + ipmasqadm portfw

10. Problem with multiple physical web servers behind a firewall

11. Firewall, multiple web servers question

12. Traffic routing for Multiple Web & Mail Servers behind a single linux firewall

13. 1000 ips on one Box for Virtual Web Hosting