Hi all.
I just built a gateway machine: eth0 to DSL
with NAT, and eth1 is internal.
DSL does forwarding with single static ip supplied
by ISP. That part is fine.
Now I want to have a firewall on the gateway
machine, up pops ipchains.rules for input, output and forwarding. That's
when issues arise.
Yes, it protects the machines behind the firewall,
but I seem to lose the ability to browse the net. Mind you, selectively we can
even telnet/ssh to various sites and vice versa.
The questions are:
(1) best way to build a secure firewall
(relatively speaking) and yet allows users to browse the net - seems
contradictory ???
(2) are there any other solutions than to
stick several NICs into the gateway and assign each a different address or
address range where each range has a different ipchain-scheme for
input/output/forwarding ???