
Re: Firewall protects, so what directs?



Wow, thanks for all the help guys.

First off, you are right Simon, I've assigned static addresses to the
servers with statements in the dhcpd.conf file.

As for the rest, I'm looking over ipmasqadm, and it looks like what I need
(though a bit confusing).  I have thought about going to the 2.4 kernels,
but it would mean translating my ipchains -> iptables (not so bad, seems
like there should be a Perl script out there for this), but also compiling a
new kernel, because the stock Debian 2.4 does not support my SCSI card like
the stock 2.2 (I've never gotten a kernel to compile correctly in my life).

I've got to say, I'm surprised at how complicated everything has become.
Even if I were to take out all the bells and whistles, my entire setup
(firewall/router/dhcp, web dns mail servers) has taken a good 4 months to
get going.  It's true that if I knew what I was doing, it would be less, but
there is SO much to know!  Thanks for the help...

-Tom



On 3/18/02 1:37 PM, "Simon Higgs" <simonhiggs@bigfoot.com> wrote:

> Thomas Cook said:
>> I have spent the last few months constructing an ipchains firewall for
>> my computer lab.  I finally got everything working a week or so ago,
> >> but I realized there is nothing telling things where to go.
>> 
>> My firewall divides my network into an internal lab (10.0.0.0/24, all
>> ip_forward and MASQ on the firewall), and a DMZ for my servers
>> (10.10.0.0/24).  The firewall tells all the packets where they can and
>> cant go, but how do I tell packets where they should go?  For
>> example...
>> 
>> Lets say my external ip is 1.2.3.4.  So someone on the internet plugs
>> 1.2.3.4 in their browser.  The browser contacts my firewall's external
>> interface asking for connect on port 80.  How do I tell my firewall to
>> direct that www request to 1.2.3.4 into a request to 10.10.0.10 port 80
>> (my apache server)?
>> 
> 
> In a previous post you suggested that you have assigned dynamic IPs to both
> networks. I can't see how this can work. I'd at least assign static IPs to
> the servers.
> 
> http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO/forwarders.html
> http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-7.html
> 
> Simon.


