iptables firewall with 3 networks

From: JP (ft00mch_at_h.o.t.m.a.i.l.c.o.m)
Date: 09/20/04


Date: Mon, 20 Sep 2004 12:34:46 +0100

Hi,

I've been tasked with creating a firewall on a linux system using iptables
and locking the system down as much as possible. I've done some simple
firewall rules before, but that was a little easier as it had an internet
connection and a LAN, and it was also quite a few years ago.

I now need to sort one out with three interfaces and can't quite get my head
round it, so I was wondering if some of you chaps could assist. The system is
going to be based on Redhat or Fedora; the interfaces are configured as
follows:

    Corporate LAN eth0 10.1.1.1
    Support LAN eth1 172.16.1.1
    Customer LAN eth2 192.168.1.1

The Corporate LAN must be able to get to the Support LAN and the Customer
LAN.

The Support LAN will need access to the Customer LAN but should not be able
to get back through to the Corporate LAN.

The Customer LAN should not be able to get back to either the Support LAN or
the Corporate LAN.

All I have in my head at the moment is splitting each interface into
input/output rules, but it sounds (to me) far more complicated than it needs
to be. Can anyone give me an idea where to start? I'd like it to be as
simple as possible so it's easy to manage.

We will be using mainly telnet and ssh to access various systems among the
three networks.

Thanks

Jools
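The policy described above expressed as a default-deny FORWARD chain, as an added example that is not part of the original post or any reply. It assumes /24 masks on the three networks, that only ssh and telnet (the protocols the post mentions) need to be forwarded, and that rules for traffic to and from the firewall box itself (INPUT/OUTPUT) are handled separately.

```shell
#!/bin/sh
# Added example: three-interface forwarding policy (Corporate -> Support and
# Customer, Support -> Customer, Customer -> nothing). Interface names and
# addresses come from the post; the /24 masks and ALLOWED_PORTS are assumptions.
CORP_IF=eth0;  CORP_NET=10.1.1.0/24
SUPP_IF=eth1;  SUPP_NET=172.16.1.0/24
CUST_IF=eth2;  CUST_NET=192.168.1.0/24
ALLOWED_PORTS="22,23"   # assumption: only ssh and telnet are forwarded

# allow_dir <in_if> <src_net> <out_if> <dst_net>: permit NEW connections in
# one direction only; replies come back via the ESTABLISHED,RELATED rule.
allow_dir() {
    echo "iptables -A FORWARD -i $1 -s $2 -o $3 -d $4 -p tcp -m multiport --dports $ALLOWED_PORTS -m state --state NEW -j ACCEPT"
}

# Print the rules rather than running them, so the policy can be reviewed
# (or piped to "sh") before it is loaded on a live box.
build_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    allow_dir "$CORP_IF" "$CORP_NET" "$SUPP_IF" "$SUPP_NET"
    allow_dir "$CORP_IF" "$CORP_NET" "$CUST_IF" "$CUST_NET"
    allow_dir "$SUPP_IF" "$SUPP_NET" "$CUST_IF" "$CUST_NET"
    # Everything else (Support -> Corporate, Customer -> anything) hits the
    # DROP policy; log it first, rate-limited, so blocked attempts are visible.
    echo 'iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "'
}

# Number of one-directional ACCEPT rules, for sanity-checking the policy.
count_accepts() { build_rules | grep -c -- '--state NEW -j ACCEPT'; }

# "sh thisfile apply" loads the rules; with no argument it only prints them.
if [ "${1:-}" = apply ]; then build_rules | sh; else build_rules; fi
```

Because the stateful rule sits first and every ACCEPT is keyed on both `-i`/`-s` and `-o`/`-d`, no packet with `-i eth2` or `-o eth0` can ever be accepted as a new connection, which is exactly the "no way back" requirement.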
