Re: [Cooker-firewall] Firewall configuration Questions
Ed Colmar <[EMAIL PROTECTED]> writes:

> What is the advantage of placing the public webserver behind
> the firewall? It seems like there are a few different schools of
> thought on this issue.

well, what is the advantage of a firewall ? This might answer your question.

--
Florin
http://www.mandrakesoft.com

Re: [Cooker-firewall] Firewall configuration Questions
Hey all!

Thanks for all the responses...

With all the digging I did, I ended up figuring this one out.

What I did was:

    route add x.x.x.50 dev eth1

Suddenly it works!

What is the advantage of placing the public webserver behind the firewall? It seems like there are a few different schools of thought on this issue.

Thanks again!

-ed-

Re: [Cooker-firewall] Firewall configuration Questions
Hello,

> First, I have set up a web/ftp server outside the firewall,
> and everything works, but the machines inside the firewall cannot see
> it. I need to set up some routing rule for this? What is the
> preferred method to do it?

It's not very clear to me. Your ftp/web server will not be protected by the firewall, right? Only your internal network (ftp/web clients) will be. Your ftp/web server and your firewall have a public IP address (and hopefully a public name, registered to DNS). So your ftp/web server is like any other server out there, in the net jungle :)

From inside your network, using a client, can you access (ping or whatever) the server? All the internal clients will have to use the gateway-firewall as their default route. So, the server is somewhere on some different physical network.

> Second... I'm having some trouble listing contents from
> machines inside the lan to ftp servers outside... They can connect,
> and authenticate fine, but no listing??? I ran the same procedure
> from the server on the outside and all works as expected.

Are you using squid as a proxy? Well, I tried here using a client, the firewall and a random ftp server, say ftp://ftp.sunet.se, and it works like a charm. All I had to do was to allow the ftp in Restrict Access->Office traffic.

Maybe I did not understand your settings ...

have a nice day,

--
Florin
http://www.mandrakesoft.com

Re: [Cooker-firewall] Firewall configuration Questions
Hi! Thanks for the reply!

My isp has given me the ip range x.x.x.34 - x.x.x.60 with the netmask of 255.255.255.224

My mandrake security box is on x.x.x.48
My Web server is on x.x.x.50

All the office traffic is on the other side of the MDK security with ips like: 192.168.1.15

Yes, all office traffic ports are open at this point, but it seems like the default route goes straight out to the gateway x.x.x.33, and does not hit the local network.

We also have a web server located at the ISP with an ip in the same range x.x.x.20 that the office machines cannot see either.

>> First, I have set up a web/ftp server outside the firewall,
>> and everything works, but the machines inside the firewall cannot see
>> it. I need to set up some routing rule for this? What is the
>> preferred method to do it?
>
> What is your topology?
>
> You've got a public network assigned by your ISP, and you've put a
> dedicated machine on this external lan ?
>
> Did you open the Web port and ftp port in the "office traffic" menu?

Yes, all office ports are open.

Thanks again!

-ed-

Re: [Cooker-firewall] Firewall configuration Questions
hi,

Ed Colmar wrote:

> Hi all
>
> I've been posting questions to the newbie list, with no
> response, so I figured I'd try here...
>
> I've got a mandrake security beta 4 running (It's awesome,
> you guys did a great job!)
>
> I have a few configuration quirks that I'd love to get some
> advice on. I'm still newbie rank.
>
> First, I have set up a web/ftp server outside the firewall,
> and everything works, but the machines inside the firewall cannot see
> it. I need to set up some routing rule for this? What is the
> preferred method to do it?

What is your topology?

You've got a public network assigned by your ISP, and you've put a dedicated machine on this external lan ?

Did you open the Web port and ftp port in the "office traffic" menu?

> Second... I'm having some trouble listing contents from
> machines inside the lan to ftp servers outside... They can connect,
> and authenticate fine, but no listing??? I ran the same procedure
> from the server on the outside and all works as expected.

This question was previously answered: you must open in the "office traffic" menu the following (respect the double point, for high range ports):

    ftp, ftp-data, 1024:

> Any ideas?
>
> Thanks so much!
>
> -ed-

--
Philippe Libat <[EMAIL PROTECTED]>
Linux-Mandrake http://www.linux-mandrake.com
Think Different, Think Linux