What easy firewall front end for woody/bonzai?

I have a woody bonzai install I could use a bit of advice on.

The network consists of a handful of public ip addresses. One of the ip
addresses is behind a nat/firewall and is used for an internal lan of
workstations. A second ip address will run a server that I need the advice
for. The rest of the ip addresses will not be used at this time.

The second ip address, let's call it .2, will run apache and will have port 80
open to the internet (including being open to the nat/firewalled ip address
for testing and administration). There will be no access between the lan and
the apache server internally through a second ethernet card. The server only
has one ethernet card. Adding a second card for internal access is not an
option. Administration will be by ssh'ing into the box from the lan, so the
ssh port will also be open.

Sometime in the future, the server will also need other ports opened to the
internet, basically mail, bind and several others. I can edit the
configuration file to open the additional ports from what I've seen from rule

I'm on another list where others have offered to help me with the rule set to
get my setup running. But I'm trying to do this myself, or at least get
started. I'm finding the documentation on iptables and rule sets extremely
difficult to understand. I've looked at some examples, and at several pages
that automate rule set configuration, but obviously my setup isn't one of the
options. I also don't know what to do with the rule set(s).

Is there a front end to woody that I can use that will help me out in this
situation? I've looked at some of the front ends, but some lack
documentation or have stopped supporting the app, and quite a few don't have
a woody package where I'm looking (the standard stable US/nonUS locations
installed by woody). I've also done some google searching for frontends but
they end up in the same situation, old apps or non-woody.

I installed the most recent version of bonzai, including the Xfce window
manager iirc. I'll be using X only until I get apache working, and then will
probably uninstall X, and if the firewall front end runs on X, it will be
gone as well.

The front end may answer this question for me, but what do I do with the rule
set once I have it? Put it in a directory related to iptables? Run it from
the command line?
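
The setup described in the post above, written as a small rule set generator. This is an added example, not part of the original post: the function names are hypothetical, the admin address 192.0.2.1 is a placeholder from the documentation range standing in for the LAN's NAT/firewall public address, and limiting ssh to that one address is an assumption drawn from "administration will be by ssh'ing into the box from the lan".

```shell
#!/bin/sh
# Added example: prints an iptables-restore rule set for a single-NIC server.
# Placeholder values; override them from the environment.
ADMIN_IP="${ADMIN_IP:-192.0.2.1}"   # public address the LAN is NATed behind
PUBLIC_TCP="${PUBLIC_TCP:-80}"      # later e.g. "80 25 53" for mail and bind
PUBLIC_UDP="${PUBLIC_UDP:-}"        # later e.g. "53" for bind

# Accept only decimal port numbers in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules ADMIN_IP "TCP PORTS" "UDP PORTS"
# Validates every port before printing anything, so a typo never yields
# a half-written rule set.
gen_rules() {
    admin_ip=$1; tcp_ports=$2; udp_ports=$3
    for p in $tcp_ports $udp_ports; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default deny for inbound traffic
    echo ":FORWARD DROP [0:0]"    # this box is not a router
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections the server itself opened, plus related ICMP errors.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # ssh only from the administration address.
    echo "-A INPUT -p tcp -s $admin_ip --dport 22 -m state --state NEW -j ACCEPT"
    for p in $tcp_ports; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    echo "COMMIT"
}

# Print the rule set for the current settings.
gen_rules "$ADMIN_IP" "$PUBLIC_TCP" "$PUBLIC_UDP"
```

Redirect the output to a file and load it as root with `iptables-restore < that-file`; the rules live only in the running kernel, so the same load has to be repeated at boot, for example from an init script.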