
Re: ipchains or iptables either way



Hi,

I'd say use the ipmasq package, then disable the masqing portion of it. The rules take a little while to figure out, but once you do they're pretty easy to muck around with.

You could configure DNS to run on a certain interface (or IP) if you are using BIND 8. I don't know about other DNS programs, but this should be basic functionality. You could restrict the other services through ipchains - creating the rules in the /etc/ipmasq/rules directory.

With Apache, you can specify which IP addresses it listens to (and then set up virtual hosting on different IPs if you need to). For IPs etc for the sub-interfaces, they can be configured through /etc/network/interfaces.

Hope this helps you out some.
- Frank

At 04:54 PM 2/14/2001, you wrote:
Can I do the following and is there a nice script to generate the firewall
rules for it?

for interface eth0: assign ip and run dns service on it only.
        disallow all else accept ssh from particular source.
for eth0:1 ... n:
        assign separate ip and run httpd, and a few others on it.
basically rules for eth0:1 .. n are not the same as for eth0
or more generally be able to create and manage rules for each
sub-interface.
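
A rule generator of the kind asked about, as an added example that is not from this thread or from the ipmasq package. It prints ipchains input rules keyed on destination address rather than interface name, because alias labels such as eth0:1 are extra addresses on eth0, not separate devices. The addresses and the policy-table format are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) ipchains input rules.
# Addresses are constructed documentation values, not from the thread.

# Policy: destination-IP  protocol  port  allowed-source (0.0.0.0/0 = any)
POLICY='192.0.2.1 udp 53 0.0.0.0/0
192.0.2.1 tcp 53 0.0.0.0/0
192.0.2.1 tcp 22 198.51.100.7
192.0.2.2 tcp 80 0.0.0.0/0
192.0.2.3 tcp 80 0.0.0.0/0
192.0.2.3 tcp 25 0.0.0.0/0'

gen_rules() {
    policy=$1
    dsts=""
    while read -r dst proto port src; do
        [ -z "$dst" ] && continue
        # Refuse malformed lines instead of emitting a rule that is too broad.
        case $proto in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
        [ -n "$src" ] || { echo "missing source for $dst" >&2; return 1; }
        echo "ipchains -A input -p $proto -s $src -d $dst $port -j ACCEPT"
        # Remember each destination once, in first-seen order.
        case " $dsts " in *" $dst "*) ;; *) dsts="$dsts $dst" ;; esac
    done <<EOF
$policy
EOF
    # ipchains is first-match: after the ACCEPTs, everything else addressed
    # to a listed IP is dropped and logged (-l).
    for dst in $dsts; do
        echo "ipchains -A input -d $dst -j DENY -l"
    done
}

# ipchains is stateless: replies to connections the host itself opens
# (e.g. a resolver's outbound queries) need their own rules, not shown here.
gen_rules "$POLICY"
```
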

