
IP Firewalling/Forwarding baffles me



Hi All,

If some kind soul could help, I'd appreciate it.  :-) The HOWTO
instructions don't seem to work correctly (but more than likely, my
lack of understanding is at fault), so I plead for help.  :-)

THE MACHINES: The firewall machine is running the latest Debian.
Aside from a few default things, I've configured the dummy net driver,
installed ipchains, and have two NICs in it.  I can ping the Internet
and the protected machine just fine -- the NICs auto-configured once I
picked a suitable (?!) driver.  I can ping the firewall from without
and within (using the appropriate IP addresses).  The external
interface has an IP address on our network -- the internal one has
192.168.2.3 (which I read is one of those private network addresses).

The protected machine is running Solaris 2.5.1 (possibly to be
upgraded to 2.6).  It has another 'private' IP address, 192.168.2.2.
(Using those private network numbers seemed like a good idea for
security reasons.)  It can ping the IP address of the firewall, but
nothing else.

THE PLAN: A few fortunate souls should be able to reach the protected
machine via WWW (port 80, the default) from the Internet.  Also, a few
machines on our local network should be able to reach the protected
machine on several different ports (including 80).

HOW TO DO IT?!  The commands in the HOWTO didn't appear to work.  I
tried installing ipchains and using that + ipportfw, but ipchains
didn't like the commands I was giving it (tho' I got them from someone
on this list, methinks).

I can give more details about what's configured how, and what I want
to do, but I'm really at a loss as to how I'm supposed to do this
stuff.  The HOWTO made it sound like I could use private network
addresses or not, as I chose, but ipportfw almost seems like a
requirement in that case (versus plain old IP forwarding), else how do
the external machines reach the 'hidden' one?  I think part of my
problem may be how the 'hidden' machine's configured (default router,
domain, etc.), but the HOWTO didn't really cover that. . . .

Thanks in advance!!!
Kendall P. Bullen

