
Bridging firewall problems.



Hi, I have been trying to set up a bridging firewall, and have been having
little success.  I'm running potato & 2.2.19, with the latest brfw2 patch
applied.  The bridge works fine, but when we try to set the rules up we
either have a firewall that won't let anything through, or one that won't stop
anything (of course neither is our goal).  What we have is a few servers
that we want to set behind a firewall, pretty simple setup.  The firewall is
plugged into the rest of the LAN, and then a hub is plugged into the
firewall, and the servers will be plugged into that.  We would like open
access from within our LAN (our IP block), and restricted access from the
world (Pretty much port 80 & 443).  We have a block of 64 IPs, so our mask is
26, and eth0 is our external interface (connected to the 'net).

So we tried something along the lines of:

####

ipchains -F

ipchains -N public
ipchains -N private

ipchains -A bridgein -s 208.59.69.54/26 -d 208.59.69.54/26 -i eth0 -j private   #All our local machine
ipchains -A bridgein -s 0/0 -d 0/0 -i eth0 -j public   #Every one else
ipchains -A bridgein -s 0/0 -d 0/0 -i eth0 -j DENY   #Deny every thing else

ipchains -A private -s 208.59.69.54/26 -d 208.59.69.54/26 -i eth0 -j ACCEPT   #Allow all local traffic

ipchains -A public -s 0/0 -d 0/0 80 -i eth0 -j ACCEPT   #Port 80 is OK
ipchains -A public -s 0/0 -d 0/0 443 -i eth0 -j ACCEPT   #Port 443 is OK
ipchains -A public -s 0/0 -d 0/0 -i eth0 -j DENY   #Deny everything else Deny.

###

We have tried a few different variations on this, but can't get the desired
result.  Any ideas???


Thanks,

Matthew Kopishke
mfk@BlueNoteTechnology.com
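
Added example, not part of the original message: a small Python model of
ipchains' first-match evaluation applied to the ruleset as posted, showing
which constructed packets reach which verdict. It assumes the two port rules
were meant as TCP destination ports, that eth1 is the inside interface, and
that the bridgein chain has a default policy; none of these is stated in the
post.

```python
import ipaddress

# The posted mask, normalised: 208.59.69.54/26 is the block 208.59.69.0/26.
LAN = ipaddress.ip_network("208.59.69.54/26", strict=False)
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules as posted: (source, destination, dest port or None, -i interface, target).
# Assumption: "80" and "443" were meant as TCP destination ports.
CHAINS = {
    "bridgein": [(LAN, LAN, None, "eth0", "private"),
                 (ANY, ANY, None, "eth0", "public"),
                 (ANY, ANY, None, "eth0", "DENY")],
    "private": [(LAN, LAN, None, "eth0", "ACCEPT")],
    "public": [(ANY, ANY, 80, "eth0", "ACCEPT"),
               (ANY, ANY, 443, "eth0", "ACCEPT"),
               (ANY, ANY, None, "eth0", "DENY")],
}

def walk(chain, pkt):
    """First match wins; running off the end of a user chain returns None."""
    src, dst, dport, iface = pkt
    for s, d, port, i, target in CHAINS[chain]:
        if (ipaddress.ip_address(src) in s and ipaddress.ip_address(dst) in d
                and port in (None, dport) and i == iface):
            if target in ("ACCEPT", "DENY"):
                return target
            result = walk(target, pkt)   # jump into a user-defined chain
            if result:
                return result
    return None

def verdict(pkt, policy):
    """Fate of one packet; unmatched packets get the bridgein chain policy."""
    return walk("bridgein", pkt) or "policy:" + policy

# Constructed sample packets: (source, destination, dest port, arrival interface).
# Assumption: eth1 is the inside (server-side) interface.
SAMPLES = {
    "outside -> server :80": ("198.51.100.7", "208.59.69.10", 80, "eth0"),
    "outside -> server :22": ("198.51.100.7", "208.59.69.10", 22, "eth0"),
    "LAN host -> server :22": ("208.59.69.20", "208.59.69.10", 22, "eth0"),
    "server reply -> outside": ("208.59.69.10", "198.51.100.7", 40000, "eth1"),
}

if __name__ == "__main__":
    for policy in ("ACCEPT", "DENY"):
        for name, pkt in SAMPLES.items():
            print(f"policy={policy:6} {name:24} {verdict(pkt, policy)}")
```

In this model every rule is tied to -i eth0, so anything arriving on the
inside interface, including the servers' replies, matches no rule and is
decided by the chain policy alone.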


