RE: firewall setup

From: Somnus (bugtraq_at_dysfunctional.za.net)
Date: 07/07/04

    To: "'Ognen Duzlevski'" <maketo@sdf.lonestar.org>, "'securityfocus'" <security-basics@securityfocus.com>
    Date: Wed, 7 Jul 2004 21:08:22 +0200
    
    

    Hi Ognen

    What I would do is grab my fav distro of Linux

    Grab a box with 3 NICs and a small switch

    Install iptables, ebtables and bridge-utils

    And set up a filtering bridge
    On the Linux box set up eth0 as the firewall's NIC

    Set eth1 as the big bad net

    And eth2 as the connection to your server then all you do is configure all
    the filters as you need them

    Connect eth2 to the switch with your servers and eth1 to the switch going to
    the net

    And Bob's your aunty

    No config changes at all on the servers except the physical network, and it
    all works very well

    Somnus

    -----Original Message-----
    From: Ognen Duzlevski [mailto:maketo@sdf.lonestar.org]
    Sent: 07 July 2004 04:33
    To: securityfocus
    Subject: firewall setup

    Hi, I have a basic question:

    we have several boxes with unique public IP addresses which are part of a
    big .edu namespace. I would like to put these machines behind one single
    firewall and still keep their names. Is it possible to have all names
    point to the firewall machine and then have the firewall direct the
    specific request to a specific box behind it?

    So, if F is firewall.x.edu and I have A.x.edu, B.x.edu and C.x.edu I want
    to have A, B and C behind F. A, B and C should now point to F and F will
    direct all outside requests to A, B or C based on the name.

    Thanks,
    Ognen

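An added example, not part of the original messages, of the filtering bridge described in the reply above: it prints (does not run) the brctl, ebtables and iptables commands so they can be reviewed before being applied as root. The bridge name br0, the 192.0.2.x server addresses and ports, and the allow-outbound policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit the commands for a transparent filtering bridge.
# eth0 keeps the firewall's own management address and is not bridged.
# SERVERS is constructed sample data (RFC 5737 addresses), ip:proto:port.
OUT_IF=eth1      # side facing the net
IN_IF=eth2       # side facing the servers
BRIDGE=br0       # assumed bridge name
SERVERS="192.0.2.10:tcp:80 192.0.2.11:tcp:25 192.0.2.12:tcp:22"

valid_entry() {
    # Accept only dotted-quad IP, tcp/udp, and a port in 1..65535.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}:(tcp|udp):[0-9]{1,5}$' || return 1
    port=${1##*:}
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

bridge_fw_commands() {
    # Bridge the two traffic-carrying NICs; neither gets an IP address.
    echo "brctl addbr $BRIDGE"
    echo "brctl addif $BRIDGE $OUT_IF"
    echo "brctl addif $BRIDGE $IN_IF"
    for dev in "$OUT_IF" "$IN_IF" "$BRIDGE"; do
        echo "ip link set dev $dev up"
    done
    # Newer kernels need this before iptables sees bridged frames.
    echo "modprobe br_netfilter"
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
    # Layer 2: only IPv4 and ARP may cross the bridge.
    echo "ebtables -P FORWARD DROP"
    echo "ebtables -A FORWARD -p IPv4 -j ACCEPT"
    echo "ebtables -A FORWARD -p ARP -j ACCEPT"
    # Layer 3: default deny; replies and server-initiated traffic allowed (assumed policy).
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m physdev --physdev-in $IN_IF -j ACCEPT"
    for entry in $SERVERS; do
        if ! valid_entry "$entry"; then
            echo "skipping malformed entry: $entry" >&2
            continue
        fi
        ip=${entry%%:*}; rest=${entry#*:}
        proto=${rest%%:*}; port=${rest#*:}
        echo "iptables -A FORWARD -m physdev --physdev-in $OUT_IF -p $proto -d $ip --dport $port -j ACCEPT"
    done
}

# Print the plan; review it, then run the commands as root on the bridge host.
bridge_fw_commands
```

Because the servers keep their public addresses, the existing DNS names stay as they are and no NAT rules are involved.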

