Re: ipchains or iptables either way
I'd say use the ipmasq package, then disable the masqing portion of
it. The rules take a little while to figure out, but once you do they're
pretty easy to muck around with.
You could configure DNS to run on a certain interface (or IP) if you are
using BIND 8. I don't know about other DNS programs, but this should be
basic functionality. You could restrict the other services through
ipchains - creating the rules in the /etc/ipmasq/rules directory.
With Apache, you can specify which IP addresses it listens to (and then set
up virtual hosting on different IPs if you need to). For IPs etc for the
sub-interfaces, they can be configured through /etc/network/interfaces.
Hope this helps you our some.
At 04:54 PM 2/14/2001, you wrote:
Can I do the following and is there a nice script to generate the firewall
rules for it?
for interface eth0: assign ip and run dns service on it only.
disallow all else accept ssh from particular source.
for eth0:1 ... n:
assigne separate ip and run httpd, and afew others on it.
basically rules for eth0:1 .. n are not the same as for eth0
or more generally be able to create and manage rules for each
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com