[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

RE: ipchains, port forwarding and 3 nic FWs

From: "Andy Schuler" <news mail onemain com>
To: <redhat-list redhat com>
Subject: RE: ipchains, port forwarding and 3 nic FWs
Date: Wed, 13 Sep 2000 06:36:36 -0700

There's an example in the ipchains How-to very similar to the situation you
described

http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-7.html

-shoe

>
>From: Chuck Mead <csm LinuxMall com>
>To: redhat-list redhat com
>Subject: RE: ipchains, port forwarding
>
>On Tue, 12 Sep 2000, Andy Schuler spewed into the bitstream:
>
>AS>Thanks! That's what I needed!
>
>It looked like a good link to me... :-)
>
>AS>On Tue, 12 Sep 2000, Andy Schuler wrote:
>AS>
>AS>AS>I've setup a router/firewall box running RH 6.2 and using ipchains.
I'm
>AS>AS>wondering if it's possible to forward requests on specific ports to
>AS>machine
>AS>AS>on the internal network. ie, a port 80 request will be passed
>through the
>AS>AS>firewall (int ip 192.168.1.1) to an internal box (192.168.1.5). Any
>AS>ideas?
>AS>
>AS>http://howto.real-time.com/realtime/PortForwarding/tclugpres/

I agree, it looked like a really good presentation.  However, I'vet found
any ipchains sample configurations dealing with the traditional three nic
firewall (see ascii art below)

                                                              DMZ/orange
network
                  red network        |               |=======
WebServer/mail/...
Internet ===============|   firewall  |
                                           |               | green network
                                           |               |======= highly
protected machines

what I am looking for it is a template which will let me grant

1) limited access from red network to orange network,
2) unlimited, masqueraded access from orange and green networks to red
network/Internet
3) limited access from orange to green (ssh/mail)
4) unlimited access from green to orange.
5) allow  the firewall to act as an IPSec router.

the green and orange network's will be in the 192.168.x.x range but
obviously not the same network.

any pointers to sample scripts or tools that will help me construct such a
firewall?

---eric

_______________________________________________
Redhat-list mailing list
Redhat-list redhat com
https://listman.redhat.com/mailman/listinfo/redhat-list

References:
- ipchains, port forwarding and 3 nic FWs
  - From: Eric S. Johansson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]