IPTables and Natting question

dlewis_at_dsl-co.com
Date: 07/27/03

    To: redhat-list@redhat.com
    Date: Sun, 27 Jul 2003 00:52:32 -0400
    
    

    Hey all,

    I have a question regarding iptables and natting. What I'm trying to do is
    set up an iptables firewall to protect my LAN and Servers.
    The catch is that I'm using my Cisco Router to do the Natting. So what I'm
    trying to do basically is just route across the 2 NICs in the
    Redhat 9 box and use iptables to allow/deny stuff from getting across.

    The reason I'm doing this is that there are multiple interfaces for other things
    on the Cisco and it's just easier than trying
    to replace the Cisco with the RH box.

    As it sits now I was thinking of this

    INET -------> E1  Cisco NAT  E0 -------> eth1      FW      eth0 -------> LAN
    5 (Addresses)            10.255.0.1      10.255.0.2     10.11.11.1       10.10.10.6      Mail and www server
                                                                             10.10.10.7      other mail and www server
                                                                             10.10.10.20-30  Workstations etc..

    So the Cisco will NAT the 5 IPs into 2 direct IPs for servers and 1 for
    general LAN natting for the local workstations... The Cisco will have
    simple/basic access listing as a first line of defence and then have them pass
    through the FW box and do detailed rulesets and then off to the LAN and
    appropriate machine...

    Can anyone lend any information on how I should configure the FW box to route
    the traffic and any other examples that might help me to do this?
    The last time I used a Linux firewall it was an ipchains firewall using NAT
    as well, directly connected to the internet, so this is a little twist for me and
    I'm not exactly sure how I should go about doing it.

    Any help would be appreciated.

    Thanks in advance for your time and comments.

    Dave

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
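
A routed, no-NAT rule set for the layout described in the message above, as an added example that is not part of the original post or of any reply to it. Interface names and server addresses are read from the post's diagram; the service ports (25 and 80), SSH access to the firewall from the LAN, and unrestricted LAN egress are assumptions.

```shell
#!/bin/sh
# Added example: routed, no-NAT filter rules for the Linux box in the post.
# Interface names and server addresses follow the post's diagram. Assumed:
# service ports 25/80, SSH to the firewall from the LAN, open LAN egress.
WAN_IF=eth1                       # side facing the Cisco E0
LAN_IF=eth0                       # side facing the LAN
SERVERS="10.10.10.6 10.10.10.7"   # mail and www servers
SERVER_PORTS="25 80"              # assumed: SMTP and HTTP

rule() { printf '%s\n' "$*"; }    # emit one line of the restore file

# Print an iptables-restore file. There is no nat table: the Cisco already
# translates, so this box only routes and filters in the FORWARD chain.
gen_rules() {
    rule "*filter"
    rule ":INPUT DROP [0:0]"
    rule ":FORWARD DROP [0:0]"
    rule ":OUTPUT ACCEPT [0:0]"
    # Traffic to the firewall itself: loopback, replies, SSH from the LAN.
    rule "-A INPUT -i lo -j ACCEPT"
    rule "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    rule "-A INPUT -i $LAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    # Replies on connections that a rule below has already admitted.
    rule "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Inbound: new connections only to the published servers and ports.
    for ip in $SERVERS; do
        for port in $SERVER_PORTS; do
            rule "-A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $ip" \
                 "--dport $port -m state --state NEW -j ACCEPT"
        done
    done
    # Outbound: LAN hosts may open new connections toward the Cisco.
    rule "-A FORWARD -i $LAN_IF -o $WAN_IF -m state --state NEW -j ACCEPT"
    # Log whatever is about to fall through to the DROP policy.
    rule "-A FORWARD -j LOG --log-prefix \"FWD-DROP: \""
    rule "COMMIT"
}

# Load the rules only when asked: turn on routing, then apply atomically.
if [ "${1:-}" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    gen_rules | iptables-restore
fi
```

Because nothing is translated on this box, the Cisco needs a route to the LAN network via 10.255.0.2, and the LAN hosts need the firewall's eth0 address as their gateway.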
    
