firewall ruleset
Hi. First of all, sorry for my English...
I'm running Debian 2.2 (potato). I have configured my Linux box as a
firewall and masquerade server for my internal LAN and everything is ok.
Now, I get a small set of real IP addresses (7 exactly) and I need to put
those workstations behind the firewall. The actual layout is like this:
                     ----------
                    | Internet |
                     ----------
                        |||
                        |||
                        |||
                      --------
                     | Router |
                      --------
                   INTERNET_IP.1/29
                          |
  -----------------------------------------------------
 |                      H U B                          |
  -----------------------------------------------------
   ||  ||  ||  ||  ||  ||  ||  ||    ||  ||  ||  ||  ||
   INTERNAL_IP.2/24                  INTERNET_IP.3/29
   .                                 INTERNET_IP.4/29
   .                                 INTERNET_IP.5/29
   INTERNAL_IP.255/24                INTERNET_IP.6/29
   |                                 INTERNET_IP.7/29
   |           --------------                  |
   |          |    Linux     |                 |
   |          | Masquerading |                 |
    ----------|   Firewall   |-----------------
 eth1 INTERNAL_IP.1/24 -------------- eth0 INTERNET_IP.2/29
As you can see, all the machines with INTERNET_IP are before the
firewall, so the security is a trivial joke (the machines are running
Window$ :). My idea is to add an interface (eth2) to my Linux box and put a
cross UTP between the router and eth0, and eth1/2 connected to the HUB.
What I have in my head is the following:
                     ----------
                    | Internet |
                     ----------
                        |||
                      --------
                     | Router |
                      --------
                   INTERNET_IP.1/29
                          |
                          | Cross UTP
                          |
                 eth0 INTERNET_IP.2/29
                    --------------
                   |    Linux     |
 eth1 INTERNAL_IP.1/24 | Masquerading | eth2 INTERNET_IP.3/29
     --------------|   Firewall   |--------------
    |               --------------               |
    |                                            |
  -----------------------------------------------------
 |                      H U B                          |
  -----------------------------------------------------
   ||  ||  ||  ||  ||  ||  ||  ||    ||  ||  ||  ||
   INTERNAL_IP.2/24                  INTERNET_IP.4/29
   .                                 INTERNET_IP.5/29
   .                                 INTERNET_IP.6/29
   INTERNAL_IP.255/24                INTERNET_IP.7/29
The problem is that I have very little time to change the layout, so I
can't probe it. How should I configure the Linux box to handle this
system? Is it possible to work? How can a TCP packet that comes from
INTERNET to my INTERNET_IP.6 know that it has to pass through the
eth0,eth2,HUB?
I hope you can understand my ugly description but my English is too bad.
Thanks.
--
:%s/Micros~1/GNU\/Linux/g
:wq!