
OT: Re: Firewalling: best approach?



Hi,

Listen I don't want to be an ass... No really.. I don't!

But would the use of shorewall not make it easier? Or even the IPCop
distribution?

Seriously, I'd like to know the reasoning behind choosing the manual
route instead of an easier automated one.

Thanks,
Mark

Bradley Alexander wrote:
> I am trying to configure a firewall, but nailing down the configuration
> is eluding me. The box is running Debian stable. I have tried with
> iproute2 (I'm including a description below), but not gotten the
> intended effect. I have tried the lartc list, to no avail. A friend of
> mine suggested setting up a virtual server for one set of interfaces and
> running the other set on the native machine. Which is the best approach
> to this? Muddling through the iproute2 configuration, or the virtual
> server route? If virtual server, which would be the best one? Qemu? Xen?
> VMware player or server (Free as in beer, but not as in speech)?
> 
> Basically, I have a rackmount server with six network interfaces (2
> onboard and a quad card). eth0 is the internal network, eth1 is a kiosk
> network, eth2 is a DMZ/wireless network. On the outbound side, eth3 is a
> DSL connection and eth4 is a cablemodem connection.
> 
> What I am trying to do is route all internal traffic out the DSL
> connection (eth0 to eth3), and the two dmzs, kiosk and wireless out the
> cable connection (eth1 and eth2 to eth4). Thus far I have been unable
> to get this to work.
> 
> For the sake of the discussion, the internal network is 10.1.1.0/24, the
> kiosk is 172.16.1.0/24 and the dmz/wireless is 192.168.1.0/24. The dsl
> line is 1.2.3.4 and the cable line is 9.8.7.6.
> 
> I added the following to rt_tables:
> 
> 1       internal
> 2       kiosk
> 3       dmz
> 
> then created a script
> 
> ip rule add from 10.1.1.0/24 table internal
> ip route add default via 1.2.3.4 dev eth3 table internal
> 
> ip rule add from 172.16.1.0/24 table kiosk
> ip route add default via 9.8.7.6 dev eth4 table kiosk
> 
> ip rule add from 192.168.1.0/24 table dmz
> ip route add default via 9.8.7.6 dev eth4 table dmz
> 
> When I run this script, it does not do what I expect, especially after
> running the firewall rules atop it. I thought I had it nailed, but it
> wasn't working as expected, and I really couldn't test very well.
> 
> I'm hoping some kind soul on this list might have a few minutes for an
> email exchange to help me get this sorted out. If so, please email me
> off-list. I'm sure it's probably something that I overlooked, but I'm at
> a loss as to what.
> 
> Regards,
> --b

-- 
www: http://menem.mine.nu/blog/
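The quoted script is close to a working multi-uplink policy-routing setup, but it has two gaps that explain "does not do what I expect": each per-source table holds only a default route, so traffic between the three local networks is also pushed out the uplink, and the rule changes are not guaranteed to take effect until the route cache is flushed. The script below is an added example for this thread, not Bradley's script and not shorewall or IPCop output; it assumes the interface and network layout from the post, that 1.2.3.4 and 9.8.7.6 are the ISP-side next hops (the post does not say whether they are the box's own addresses or the gateways), and that the three table names are already in /etc/iproute2/rt_tables as shown. It prints every ip(8), iptables(8) and sysctl(8) command it would run and only executes them when RUN=1 is set, so the plan can be reviewed before a remote box is touched.

```sh
#!/bin/sh
# Added example for source-based policy routing across two uplinks.
# Not from the thread; addresses below are the constructed values used in the post.
# Run as: RUN=1 sh this.sh   (root, applies the commands)
#         sh this.sh         (prints the plan only)

LAN_NET=10.1.1.0/24;     LAN_IF=eth0
KIOSK_NET=172.16.1.0/24; KIOSK_IF=eth1
DMZ_NET=192.168.1.0/24;  DMZ_IF=eth2
DSL_IF=eth3;   DSL_GW=1.2.3.4      # assumed to be the DSL next hop
CABLE_IF=eth4; CABLE_GW=9.8.7.6    # assumed to be the cable next hop

# Print a command, and execute it only when RUN=1.
run() {
    printf '%s\n' "$*"
    [ "${RUN:-0}" = 1 ] && "$@"
    return 0
}

policy_routing() {
    # 1. Each per-source table needs the connected routes for the other local
    #    networks, otherwise 10.1.1.x -> 192.168.1.x would match "from
    #    10.1.1.0/24" and leave via the DSL default route instead of eth2.
    for t in internal kiosk dmz; do
        run ip route replace "$LAN_NET"   dev "$LAN_IF"   table "$t"
        run ip route replace "$KIOSK_NET" dev "$KIOSK_IF" table "$t"
        run ip route replace "$DMZ_NET"   dev "$DMZ_IF"   table "$t"
    done

    # 2. One default route per table, pointing at the uplink that network uses.
    run ip route replace default via "$DSL_GW"   dev "$DSL_IF"   table internal
    run ip route replace default via "$CABLE_GW" dev "$CABLE_IF" table kiosk
    run ip route replace default via "$CABLE_GW" dev "$CABLE_IF" table dmz

    # 3. Source-address rules; explicit preferences keep ordering predictable.
    run ip rule add pref 200 from "$LAN_NET"   lookup internal
    run ip rule add pref 210 from "$KIOSK_NET" lookup kiosk
    run ip rule add pref 220 from "$DMZ_NET"   lookup dmz

    # 4. Rule and table edits are not reliably seen until the cache is flushed.
    run ip route flush cache

    # 5. Private networks need NAT on the uplink they leave through; the
    #    per-uplink -s match keeps kiosk/DMZ hosts from ever being NATed out
    #    the internal network's DSL line if a rule is later mis-edited.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET"   -o "$DSL_IF"   -j MASQUERADE
    run iptables -t nat -A POSTROUTING -s "$KIOSK_NET" -o "$CABLE_IF" -j MASQUERADE
    run iptables -t nat -A POSTROUTING -s "$DMZ_NET"   -o "$CABLE_IF" -j MASQUERADE

    # 6. Strict reverse-path filtering (rp_filter=1) drops legitimate replies on
    #    a multi-homed box whose paths are asymmetric; loose mode (2) keeps the
    #    anti-spoofing check on the uplinks without that breakage.
    for i in "$DSL_IF" "$CABLE_IF"; do
        run sysctl -w "net.ipv4.conf.$i.rp_filter=2"
    done
}

# Show which route the kernel would pick for a given source, for verification
# after the rules are in place (e.g. check_path 10.1.1.50 eth0 192.0.2.1).
check_path() {
    run ip route get "$3" from "$1" iif "$2"
}

policy_routing
```

Verify with `ip rule show` and `ip route show table internal` (and kiosk, dmz), then `check_path 172.16.1.20 eth1 192.0.2.1` should report a route via eth4 while the same destination from 10.1.1.50 on eth0 reports eth3. On kernels and iproute2 versions that support it, step 1 can be replaced by a single `ip rule add pref 100 lookup main suppress_prefixlength 0`, which consults the main table for everything except its default route; the connected-route copy above works on any iproute2 and is easier to audit.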


