Hi All,
Hope you have time to read and give me comments, direction or better
ideas to do this. My aim is to build a firewall between the net and my
servers. I'm running mail and web servers.
I'm doing it this way. I have Linux with two NICs, namely eth0 and eth1:
                 +------+            +-----+---- Server 1
 internet ===eth0|  FW  |eth1========| hub |
                 +------+            +-----+---- Server 2
                eth0            eth1           Server 1       Server 2
IP addr:        203.167.75.2    192.168.1.1    192.168.1.2    192.168.1.3
We have a 203.167.75.0/28 network.
Routing info:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     192.168.1.1     255.255.255.0   UG    0      0        0 eth1
192.168.5.0     *               255.255.255.0   U     0      0        0 eth1
203.167.75.2    203.167.75.1    255.255.255.0   UG    0      0        0 eth0
203.167.75.0    *               255.255.255.0   U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
FW, Server 1 and Server 2 can ping each other. FW can ping the rest of
the network and the internet as well, while Server 1 and Server 2 can't.
Also, workstations on the 203.167.75.0/28 block can't ping Server 1 and
Server 2, but can ping FW. What did I miss? Do I have to run something
else? I only have iptables, with the rules below:
target  prot opt source           destination
ACCEPT  tcp  --  203.167.75.0/28  anywhere         tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT  tcp  --  anywhere         anywhere         tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT  tcp  --  anywhere         anywhere         tcp dpt:domain flags:SYN,RST,ACK/SYN
ACCEPT  tcp  --  anywhere         anywhere         tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT  tcp  --  anywhere         anywhere         tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT  tcp  --  anywhere         192.168.1.0/24   tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT  tcp  --  anywhere         192.168.1.0/24   tcp dpt:http flags:SYN,RST,ACK/SYN
DROP    tcp  --  anywhere         192.168.1.0/24   tcp flags:SYN,RST,ACK/SYN
DROP    tcp  --  anywhere         203.167.75.0/24  tcp flags:SYN,RST,ACK/SYN
I badly need your help... thanks a lot
rym
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
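An added example, not rym's configuration, of what a two-NIC Linux firewall in this layout needs beyond INPUT filtering: IP forwarding switched on, a FORWARD chain with a default DROP policy, source NAT so the 192.168.1.0/24 servers can reach the net as 203.167.75.2, and DNAT to publish the mail and web ports. The addresses come from the post; which server runs mail (192.168.1.2) and which runs web (192.168.1.3), and the use of 203.167.75.0/28 as the admin network allowed to ssh to the FW, are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's config): forwarding, filtering and NAT for a
# firewall with a public NIC (eth0) and a private NIC (eth1).
EXT_IF=eth0; EXT_IP=203.167.75.2          # public side (from the post)
INT_IF=eth1; LAN=192.168.1.0/24           # private side (from the post)
MAIL=192.168.1.2                          # assumption: Server 1 runs mail
WEB=192.168.1.3                           # assumption: Server 2 runs web
ADMIN_NET=203.167.75.0/28                 # assumption: admins may ssh/ping in

# Emit the ruleset as plain commands so it can be reviewed before it is applied.
fw_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXT_IF -p tcp -s $ADMIN_NET --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $INT_IF -s $LAN -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $EXT_IF -s $LAN -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $WEB --dport 80 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $MAIL --dport 25 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -s $ADMIN_NET -p icmp --icmp-type echo-request -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN -j SNAT --to-source $EXT_IP
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d $EXT_IP --dport 80 -j DNAT --to-destination $WEB
iptables -t nat -A PREROUTING -i $EXT_IF -p tcp -d $EXT_IP --dport 25 -j DNAT --to-destination $MAIL
EOF
}

# Print the rules for review by default; apply them only when run as root with --apply.
if [ "${1:-}" = "--apply" ]; then
    fw_rules | sh -e
else
    fw_rules
fi
```

Pinging the servers' private addresses from the /28 workstations additionally needs a route for 192.168.1.0/24 via 203.167.75.2 on those workstations; from elsewhere the servers are reachable only through the published ports on 203.167.75.2.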