Hi. What I did, to make things easier, was: install RedHat with the packet filter (or firewall options), then I made a private network (let's say a 10.0.0.0/255.255.255.252) between the firewall and the router (I don't know if this is your case). Put your router as default gateway for your firewall, put your firewall as default router for your web server.

Now what you must consider is that it does not matter how many IPs you will have inside; the most delicate part is which TCP or UDP ports you will allow people to see from outside. For example web servers and SSL-enabled web servers work at ports 80 and 443, DNS at port 53 (UDP). So you can (initially) open these ports for your whole net. You must install a DNS cache for your machines. The firewall rules will look like:
Outside                            Inside
----------------------------------------------------------------
any ip: any port           ----->  any ip: port 80 (tcp)
any ip: any port           ----->  any ip: port 443 (tcp)
any ip: any port           ----->  your dns server ip: port 53 (udp)
any ip: port 53 (udp/tcp)  <-----  your dns cache: any port (tcp/udp)
block anything else
You must search for something like "iptables tutorial" on google.com; it will be difficult at first try of course.
Quote:
> Hi all,
> I have a virtual web server with aliased IPs on it and I am looking for
> a way to protect it. I was thinking about using port forwarding but I have
> no clue as how to handle it. The problem is this: usually you just route 1
> external IP to many internal IPs. But how would I route multiple
> external IPs to multiple internal IPs and still be able to filter? I have
> been reading for days but I am confused.
> Some requirements I have:
> 1. must have multiple IPs for web server because I am implementing SSL
> 2. will most likely add more virtual sites on the server
> 3. want to put DNS server behind firewall if possible
> 4. will add virtual FTP server on the virtual web server machine.
> I would appreciate some guidance in this matter.
> Thanks,
> Oz
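The rule table sketched in the reply above, written out as an iptables FORWARD policy (added example, not code from the original post). It assumes the firewall has eth0 towards the router and eth1 towards the servers, that the DNS server and DNS cache are the same host at an assumed address, and it adds two things the sketch leaves implicit: an ESTABLISHED,RELATED rule so replies get back, and a rate-limited LOG rule so blocked probes are visible in syslog.

```shell
#!/bin/sh
# Added example, not from the original post: default-deny FORWARD policy for
# router <-> firewall <-> web/DNS hosts. Names and addresses are assumptions.
IPT="${IPT:-iptables}"        # set IPT=echo to preview commands without applying them
EXT_IF="${EXT_IF:-eth0}"      # link towards the router (the 10.0.0.0/30 side)
INT_IF="${INT_IF:-eth1}"      # link towards the servers
DNS_SERVER="${DNS_SERVER:-192.168.1.53}"   # assumed address of the DNS server/cache

apply_rules() {
    # Default deny: anything not explicitly allowed below is dropped.
    "$IPT" -P FORWARD DROP
    "$IPT" -F FORWARD

    # Replies belonging to connections that were already allowed.
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Outside -> any inside host, ports 80 and 443 (tcp) only.
    for port in 80 443; do
        "$IPT" -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # Outside -> the DNS server only, port 53 (udp).
    "$IPT" -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p udp -d "$DNS_SERVER" \
        --dport 53 -j ACCEPT

    # The DNS cache -> outside resolvers on port 53 (udp and tcp).
    for proto in udp tcp; do
        "$IPT" -A FORWARD -i "$INT_IF" -o "$EXT_IF" -p "$proto" -s "$DNS_SERVER" \
            --dport 53 -j ACCEPT
    done

    # Everything else falls through to the DROP policy; log a sample of it.
    "$IPT" -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

# Apply only when invoked as `sh fw.sh apply`; `IPT=echo sh fw.sh apply` previews.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

The FORWARD chain only covers traffic passing through the firewall; the firewall's own INPUT chain still needs its own default-deny policy.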