[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables route



On Sat, 22 Mar 2003 06:24:02 -0300
Eduardo Rocha Costa <eduardorcosta@ieg.com.br> wrote:

> Hi, first of all sorry my poor English I'll try my best.
> 
> I have the following scheme in my lab:
> 
> INTERNET --- firewall --- local network
> 
> I have real ip's for all computers in the lab, so I don't need nat, 
> but I don't know how to set this and can't find any documentation
> how to build a firewall for that. So I did a local network 
> with private ip's (10.0....).
> This was not a problem since we can do all things normally.
> But now, some problems are appearing, we build two web server and one
> file server. And now the main router of the university is routing the
> real ip address of the web services through my firewall and I don't
> know how to set this things, to the web server and the file server can
> be seen on the INTERNET.
> Can some one help? Or point to some good documentation 
> By the way, we want the servers to have the real ip's and 
> the others private ip's.
> 
> Thank you
> 
> 
> -- 
> Eduardo Rocha Costa
> eduardo.rocha@poli.usp.br
Hi

iptables is not easy to understand. that's where some front-ends come to
your aid. I suggest using shorewall (apt-get install shorewall). it's
decently documented and comes with examples. you should divide your
network to zones (internet, local, dmz, lab, etc...) set them in the
"zones" file and create the policy and rules. also masquerading and nat
are very easy to configure with shorewall.


Bye
-- 
Haim



Reply to: