
Re: Firewall + NAT



See what Stefanus wrote. That is where I would point you.

You are doing something I don't yet. I'm still using NAT, however, it's a
little unconventional because the only ports that are port to port are 53
(DNS) and 80 (HTTP). I don't open up FTP for security reasons and telnet
is spoofed through strange ports. On the Linux server, I use
/etc/hosts.deny and have ALL: ALL as the default, then in hosts.allow, I
have put only a few IPs including the internal network. So, between the
Cisco NAT and the server hosts.deny/allow, I've not had any break-ins.
There is one problem with that. I don't see attempts even. On a client's
machine, they don't have any break-ins, but I get an email every hour which
lists the attempts. But they are still on dial-up and don't have a router.

As I said, you are going farther than I've gone yet. I'm not inclined to
venture into that level until I see the need. Yes, I'm a dork, and a lazy
one at that.

Karl L. Pearson
Senior Consulting Systems Analyst
Senior Consulting Database Analyst
karlp ourldsfamily com

On Wed, 28 Feb 2001, CHAN Chow Chin, David wrote:

Hey Leonard den Ottolander and Karl L.Pearson,

Sorry for disturbing... I was wondering if you can give
me some pointers on how to configure a Linux box as a firewall?
I've read docs on IPMASQ, IPCHAINS and IPROUTE2 but I
didn't find anything on what I am looking for.

Basically, what I want it to do is to take over the router's NAT job.
I am hoping that I can set it up together with ipfiltering.
My problem is, in the Cisco router, you can NAT a range of internal IPs
to a range of external IPs. I am really stumped. I really can't find
any docs that I have read about exactly how to implement this.
Can you guys help me out?


Clueless,
David Chan

--------= End Transmission =---------
David Chan Chow Chin
Systems Engineer
NCSI (Malaysia) Sdn Bhd
601D Level 6, Tower D Uptown 5
5 Jalan SS21/39, Damansara Uptown
47400 Petaling Jaya
Selangor Darul Ehsan, Malaysia
Tel: 603-77256878 Ext 126
Fax: 603-77256898
e-mail: ccchan my ncs-i com
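
The default-deny TCP wrappers setup described in Karl's reply above (ALL: ALL in /etc/hosts.deny, a few addresses in hosts.allow) depends on the order in which the two files are consulted. The following is an added example, not code or configuration from either poster: it models a subset of hosts_access(5) matching (ALL, exact IPv4 address, trailing-dot prefix, net/mask), and the rule contents, daemon names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample files, not Karl's real configuration.
HOSTS_ALLOW = """\
# internal network, plus one remote admin host for sshd only
ALL: 192.168.1.
sshd: 203.0.113.7
"""
HOSTS_DENY = "ALL: ALL\n"

def parse(text):
    """Return [(daemon_list, client_list)] for each non-comment rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 2)[:2]  # ignore any option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # "192.168.1." matches on the dotted prefix
        return ip.startswith(pattern)
    if "/" in pattern:          # net/mask, e.g. 192.168.1.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def rule_matches(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, ip) for p in clients)
               for daemons, clients in rules)

def access(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow match grants; else hosts.deny match refuses; else grant."""
    if rule_matches(parse(allow), daemon, ip):
        return "granted"
    if rule_matches(parse(deny), daemon, ip):
        return "denied"
    return "granted"

if __name__ == "__main__":
    for daemon, ip in [("in.telnetd", "192.168.1.20"), ("sshd", "203.0.113.7"),
                       ("in.telnetd", "203.0.113.7"), ("sshd", "198.51.100.9")]:
        print(f"{daemon:<11} {ip:<14} {access(daemon, ip)}")
    # Without the ALL: ALL line, unmatched clients fall through to "granted".
    print("empty hosts.deny:", access("sshd", "198.51.100.9", deny=""))
```

The last call shows why the ALL: ALL line matters: with an empty hosts.deny, a client that matches nothing in hosts.allow is still granted access.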
