There's an example in the ipchains How-to very similar to the situation you
described
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-7.html
-shoe
>
>From: Chuck Mead <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: RE: ipchains, port forwarding
>
>On Tue, 12 Sep 2000, Andy Schuler spewed into the bitstream:
>
>AS>Thanks! That's what I needed!
>
>It looked like a good link to me... :-)
>
>AS>On Tue, 12 Sep 2000, Andy Schuler wrote:
>AS>
>AS>AS>I've setup a router/firewall box running RH 6.2 and using ipchains.
I'm
>AS>AS>wondering if it's possible to forward requests on specific ports to
>AS>machine
>AS>AS>on the internal network. ie, a port 80 request will be passed
>through the
>AS>AS>firewall (int ip 192.168.1.1) to an internal box (192.168.1.5). Any
>AS>ideas?
>AS>
>AS>http://howto.real-time.com/realtime/PortForwarding/tclugpres/
I agree, it looked like a really good presentation. However, I'vet found
any ipchains sample configurations dealing with the traditional three nic
firewall (see ascii art below)
DMZ/orange
network
red network | |=======
WebServer/mail/...
Internet ===============| firewall |
| | green network
| |======= highly
protected machines
what I am looking for it is a template which will let me grant
1) limited access from red network to orange network,
2) unlimited, masqueraded access from orange and green networks to red
network/Internet
3) limited access from orange to green (ssh/mail)
4) unlimited access from green to orange.
5) allow the firewall to act as an IPSec router.
the green and orange network's will be in the 192.168.x.x range but
obviously not the same network.
any pointers to sample scripts or tools that will help me construct such a
firewall?
---eric
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
