Re: iptables route
-----------Haim Ashkenazi wrote:
> On Sat, 22 Mar 2003 06:24:02 -0300
> Eduardo Rocha Costa <eduardorcosta@ieg.com.br> wrote:
>
> > Hi, first of all sorry my poor English I'll try my best.
> >
> > I have the following scheme in my lab:
> >
> > INTERNET --- firewall --- local network
> >
> > I have real ip's for all computers in the lab, so I don't need nat,
> > but I don't know how to set this and can't find any documentation
> > how to build a firewall for that. So I did a local network
> > with private ip's (10.0....).
> > This was not a problem since we can do all things normally.
> > But now, some problems are appearing, we build two web server and one
> > file server. And now the main router of the university is routing the
> > real ip address of the web services through my firewall and I don't
> > know how to set this things, to the web server and the file server can
> > be seen on the INTERNET.
> > Can some one help? Or point to some good documentation
> > By the way, we want the servers to have the real ip's and
> > the others private ip's.
> >
> > Thank you
> >
> >
> > --
> > Eduardo Rocha Costa
> > eduardo.rocha@poli.usp.br
> Hi
>
> iptables is not easy to understand. that's where some front-ends come to
> your aid. I suggest using shorewall (apt-get install shorewall). it's
> decently documented and comes with examples. you should divide your
> network to zones (internet, local, dmz, lab, etc...) set them in the
> "zones" file and create the policy and rules. also masquerading and nat
> are very easy to configure with shorewall.
>
Thanks for the advice, shorewall is very good... only 4 hours and I make
the configuration !!
>
> Bye
> --
> Haim
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
Eduardo Rocha Costa
eduardo.rocha@poli.usp.br
Reply to: