ok.. here is the deal.. I've got a machine that I need to connect and firewall
six different, separate networks (all ethernet).  I've got a machine with linux
(slack7) and kernel 2.2.14.  I am having a little trouble trying to figure out
how I can set up this box to masquerade for three of the six interfaces,
while still having some level of security.  It is currently set up to route all
traffic everywhere, but not doing masquerading (so no one can get to the web).


here is how I will need it set up.  Each interface is a physically different
ethernet interface.  I understand that I will probably have to block all of the
root ports, and allow ports 1024:65535.

eth0 - this is the internet.  1.2.3.4 represents my real ip address, and no
DMZ access is needed/wanted to anything, but it needs access from eth1, eth2,
and eth3 (this is a static ip).
ip - 1.2.3.4
netmask - 255.255.255.0
gateway 1.2.3.1

eth1 - internal1, this one needs access to eth0, eth2, and eth3.. it needs
access from eth2 and eth3
ip - 192.168.1.1
netmask - 255.255.255.0

eth2 - internal2, this one needs access to all, and only needs access from
eth1 and eth3
ip - 192.168.2.1
netmask - 255.255.255.0

eth3 - internal3, this one needs access to all but eth5, and only needs
access from eth1 and eth3.  This one also will have a second ip (using ip
aliasing) that will need to do the exact same thing as the first ip.
ip - 192.168.3.1
netmask - 255.255.255.0
ip2 - 172.18.100.23    
netmask2 - 255.255.0.0

eth4 - internal4, this one needs access to none, but needs access
from eth1, eth2, and eth3
ip - 192.168.4.1
netmask - 255.255.255.0

eth5 - this is a connection to another company's network.  The
machine(s) on that network may or may not be on that subnet (hence
the gateway address)
ip - 10.188.40.19   
netmask - 255.255.254.0
gateway 10.188.41.254


                      
ok.. now after reading all of that you can kind of get an idea of what I am
trying to do.  What I need to know is if/how ipchains and ipmasq can do
this.  I really don't need to do any filtering.  Just really firewalling
by routing.  I have read every example I can find on ipchains, but all of
them have to deal with only two interfaces (internal and external).  I have
set up linux to do masquerading on machines in the past (just not quite this
complex).  Any help would help.  Thanks.

- Chuck
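
The layout described above, written as a policy table that is expanded into ipchains forward-chain rules; this is an added example, not part of the original post, and it only prints the commands. Assumptions: the table is read from the post's "needs access to" lines, eth1-eth3 (including the 172.18.0.0/16 alias) are the masqueraded networks, and the variable and function names are illustrative.

```shell
#!/bin/sh
# Added example: prints ipchains commands for review, does not run them.
# Assumed policy, taken from the post's "needs access to" lines:
#   source-net   source-if   interfaces it may open connections to
POLICY='192.168.1.0/24 eth1 eth0 eth2 eth3
192.168.2.0/24 eth2 eth0 eth1 eth3 eth4 eth5
192.168.3.0/24 eth3 eth0 eth1 eth2 eth4
172.18.0.0/16 eth3 eth0 eth1 eth2 eth4'
WAN=eth0   # internet-facing interface from the post

gen_rules() {
    # Default-deny forwarding: eth4 and eth5 have no row, so hosts
    # there cannot open connections to anything.
    echo "ipchains -F forward"
    echo "ipchains -P forward DENY"
    echo "$POLICY" | while read -r net srcif outs; do
        for out in $outs; do
            # In the forward chain, -i names the OUTGOING interface.
            if [ "$out" = "$WAN" ]; then
                # Private sources leaving via the internet link are
                # masqueraded; demasqueraded replies skip this chain.
                echo "ipchains -A forward -s $net -i $out -j MASQ"
            else
                echo "ipchains -A forward -s $net -i $out -j ACCEPT"
            fi
        done
        # ipchains is stateless: let TCP replies (anything without a
        # bare SYN) back toward this network. UDP and ICMP replies
        # between internal networks would need their own rules.
        echo "ipchains -A forward -p tcp -d $net -i $srcif ! -y -j ACCEPT"
    done
}

gen_rules
```

Where the post's "needs access from" lines disagree with the "needs access to" lines (eth1 to eth4, for instance), edit the table row rather than the loop.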