
Re: Ip_forward trouble



OK, now I understand well.
OK, your network is very logical. I understand why you chose to take
10.0.x.y addresses.

With Debian it should be easy to set up this kind of firewall.
To my mind, because it's just between 2 networks, I would have recommended
OpenBSD to you (because of the security of your lab too).

Debian can easily be a strong firewall (mine is a Debian).
It will let you choose between 2.2 and 2.4 kernels (I don't recommend 2.5.1
because it is still in beta test).

So with 2.2 you have ipchains and ipmasqadm, and with 2.4 iptables and NAT.

However, you will not have any difficulty finding a solution for your
problem. You can find lots of scripts for walling your Debian on the net.

Try sourceforge.net or freshmeat.net.

Be happy. Your firewall will be easy to set up.
(But you have to secure it before doing anything else!!!)
Like removing files or services that you don't need, making the strongest
rules for your wall, compiling your kernel statically, etc.
Tasks that you need to do!!!
And of course it will not protect you if you don't protect your servers.

A long task for a newbie, but it pays well ;))
You can be sure... ;)

On Sun, 2002-01-06 at 22:47, Thomas Cook wrote:
> TOKI:
> 
> 
> The use is that I don't really know what I'm doing.  Well, not totally...
> Here is the lay of the land.
> 
> I have a high speed connection connected (appropriately enough) to a
> hardware router and hub.  This router (192.168.1.1) serves as a DHCP host
> for my little LAN.  On this LAN there are basically 2 sectors.  The first is
> the general house computers, used by the people here for surfing and e-mail,
> nothing fancy.  There are at any time, between 6 and 12 of these, mostly
> running windows.  Because they have no use for it, all of their ports are
> blocked from the outside by the router I mentioned.
> 
> The second leg of the network is my computer lab.  This lab consists of
> about 2 dozen boxes running any number of OS's and services like my mail,
> web site, shell server, etc.  Not all of these are set up, mainly because
> they need to be seen from the outside, and thus protected.  Hence the
> firewall (among other protections).
> 
> I have set the firewall up on the network, with an IP address from the
> router, and have left that IP in the DMZ of the router so it is seen from
> the internet at large.  I want to set up some sort of NAT to translate the
> ports of the firewall to the appropriate servers behind the firewall.  To
> avoid any confusion by the people on the larger house network, I was going
> to use the 10... IP range for the network, but it really makes no difference,
> and I can just as easily set them up with the subnet you suggest.  (though
> the term easily may not apply as I have yet to get this working).
> 
> I have been fighting with several firewall solutions (smoothwall, Gibraltar,
> Red Hat based, OpenBSD based), but because the box I am using is SCSI based,
> it has a complicated install, and many distros have trouble.  I like Debian,
> because it installs flawlessly, has that great package system, and I have
> used it in many of the boxes in the lab.  I have thought about trying a
> hardware solution (namely a netscreen 5xp) but the price tag of a $500
> hardware firewall vs. a free debian firewall is always a deal breaker.
> 
> Maybe some of this rambling will help,
> -Tom



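The 2.4-kernel setup discussed in this thread (DNAT from the firewall's ports to lab servers, with forwarding otherwise closed), sketched as an added example that is not part of either message. Interface names, the 10.0.0.0/24 lab subnet and the server addresses are assumptions; the script only prints the commands, and it enables ip_forward last so nothing is routed before the rules exist.

```shell
#!/bin/sh
# Added example: dry-run generator for a 2.4-kernel (iptables) forwarding ruleset.
# Assumptions, not from the thread: eth0 faces the router/house LAN, eth1 faces
# the lab, the lab uses 10.0.0.0/24, and the server addresses below are made up.
EXT_IF=eth0
LAB_IF=eth1
LAB_NET=10.0.0.0/24
LAB_PREFIX=10.0.0.
# Constructed sample mapping: proto:public_port:lab_host:lab_port
FORWARDS="tcp:80:10.0.0.10:80 tcp:25:10.0.0.20:25 tcp:2222:10.0.0.30:22"

# Accept an entry only if it is tcp/udp, has numeric ports and targets the lab.
check_forward() {
    old=$IFS; IFS=:; set -- $1; IFS=$old
    [ $# -eq 4 ] || return 1
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    case "$4" in ''|*[!0-9]*) return 1 ;; esac
    case "$3" in "$LAB_PREFIX"*) ;; *) return 1 ;; esac
}

gen_rules() {
    # Validate everything first so a bad entry never yields a partial ruleset.
    for f in $FORWARDS; do
        check_forward "$f" || { echo "bad forward: $f" >&2; return 1; }
    done
    # Default-deny forwarding, then allow replies and lab-originated traffic.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAB_IF -o $EXT_IF -s $LAB_NET -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAB_NET -j MASQUERADE"
    for f in $FORWARDS; do
        old=$IFS; IFS=:; set -- $f; IFS=$old
        # Rewrite the destination, then permit only that translated flow.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -p $1 --dport $2 -j DNAT --to-destination $3:$4"
        echo "iptables -A FORWARD -i $EXT_IF -o $LAB_IF -p $1 -d $3 --dport $4 -m state --state NEW -j ACCEPT"
    done
    # Turn routing on only after the filter rules are in place.
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

gen_rules
```

Review the printed commands before piping them to `sh` as root; INPUT-chain rules protecting the firewall box itself are not covered here.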



