
Re: A query on ipchains



Koala wrote:

> on a HUB. Their IP Addresses are 1.1.1.1/24. My idea was to have Network C going
> through a default gateway of 1.1.1.1 (Debian with ipchains) where the second
> interface card goes to the normal network B (10.10.10.1). Therefore, Network C can
> see Network B, but Network B can't access Network C. So, the ipchains box for
> network C would have two ethernet cards with the following configuration :

You're a bit unclear about 'A', but if all you have is:


+---+                 +---+
| B | - - - FW  - - - | C |
+---+                 +---+
  |
  |
  |
(Internet)


And you want stuff from 'C' to get to both A and B, but nothing from A
or B to get to C, set the firewall to have the same default gw as those
machines in net B, and those in C to have their gateway be the
firewall.  Put everything in C in its own IP address space.

Now, the rules themselves can be simple or hard.  If you want simple,
you may be able to get away with just disallowing anything from network
B with a 'syn' flag set, and that's it.  If you have sensitive data
(stuff you need a security clearance to get access to) you'll have to go
full bore.

Either way, just treat network 'B' as though it were the internet
(hostile) and disregard the internet itself.  Just remember that the
internet is a connection of networks, and network C connects to it via
network B; just like network B connects via your ISP.

Christopher
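
The "simple" rule described in the reply above, modelled as an added example (not part of the original message or of ipchains itself). It treats "syn flag set" as the ipchains -y match (SYN set, ACK and FIN clear), assumes a /24 prefix for network B, and uses constructed sample packets to show what the rule stops and what it still lets through:

```python
import ipaddress
from dataclasses import dataclass

NET_B = ipaddress.ip_network("10.10.10.0/24")  # prefix length is an assumption
NET_C = ipaddress.ip_network("1.1.1.0/24")     # addressing from the quoted question

FIN, SYN, ACK = 0x01, 0x02, 0x10  # TCP flag bits

@dataclass
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    flags: int = 0  # TCP flag bits; unused for other protocols

def is_connection_request(pkt):
    """Model of the ipchains -y match: SYN set, ACK and FIN clear."""
    return pkt.proto == "tcp" and (pkt.flags & (SYN | ACK | FIN)) == SYN

def simple_policy(pkt):
    """Deny TCP connection requests from B to C; accept everything else.
    Roughly: ipchains -A forward -p tcp -y -s <net B> -d <net C> -j DENY"""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if src in NET_B and dst in NET_C and is_connection_request(pkt):
        return "DENY"
    return "ACCEPT"

# Constructed sample traffic (hypothetical hosts 1.1.1.20 and 10.10.10.5).
SAMPLES = [
    ("C opens TCP to B",      Packet("1.1.1.20", "10.10.10.5", "tcp", SYN)),
    ("B answers with SYN+ACK", Packet("10.10.10.5", "1.1.1.20", "tcp", SYN | ACK)),
    ("B sends data on C's connection",
                              Packet("10.10.10.5", "1.1.1.20", "tcp", ACK)),
    ("B opens TCP to C",      Packet("10.10.10.5", "1.1.1.20", "tcp", SYN)),
    ("B sends UDP to C",      Packet("10.10.10.5", "1.1.1.20", "udp")),
    ("B pings C",             Packet("10.10.10.5", "1.1.1.20", "icmp")),
]

def evaluate(samples=SAMPLES):
    """Return {label: verdict} for each sample packet."""
    return {label: simple_policy(pkt) for label, pkt in samples}

if __name__ == "__main__":
    for label, verdict in evaluate().items():
        print(f"{verdict:6} {label}")
```

Only the B-initiated TCP connection is denied; UDP and ICMP from B still reach C, which is the gap a fuller rule set has to close.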


