iptables firewall with 3 networks
From: JP (ft00mch_at_h.o.t.m.a.i.l.c.o.m)
Date: Mon, 20 Sep 2004 12:34:46 +0100
I've been tasked with creating a firewall on a Linux system using iptables
and locking the system down as much as possible. I've done some simple
firewall rules before, but that was a little easier as it had an internet
connection and a LAN; it was also quite a few years ago.
I now need to sort one out with three interfaces and can't quite get my head
round it so I was wondering if some of you chaps could assist. The system is
going to be based on Red Hat or Fedora; the interfaces are configured as:
Corporate LAN eth0 10.1.1.1
Support LAN eth1 172.16.1.1
Customer LAN eth2 192.168.1.1
The Corporate LAN must be able to get to the Support LAN and the Customer
The Support LAN will need access to the Customer LAN but should not be able
to get back through to the Corporate LAN.
The Customer LAN should not be able to get back to either the Support LAN or
the Corporate LAN.
All I have in my head at the moment is splitting each interface into
input/output rules but it sounds (to me) far more complicated than it needs
to be. Can anyone give me an idea where to start? I'd like it to be as
simple as possible so it's easy to manage.
We will be using mainly telnet and ssh to access various systems among the
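
An added example, not part of the original post: one way to express the three-LAN policy above is a default-deny FORWARD chain with connection tracking, so only the direction in which a connection may start needs a rule. Interface names are taken from the post; the SSH-from-Corporate rule for the firewall host itself and the function names are assumptions.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for the three-LAN policy.
# eth0 = Corporate, eth1 = Support, eth2 = Customer (from the post).
# Routing between the LANs also needs net.ipv4.ip_forward=1 on the host.

# Directions in which a NEW connection may start, as "in_if:out_if".
ALLOWED_PAIRS="eth0:eth1 eth0:eth2 eth1:eth2"

gen_rules() {
    echo "*filter"
    # Default-deny. LAN-to-LAN traffic crosses FORWARD, not INPUT/OUTPUT,
    # so no per-interface input/output pairs are needed for it.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # The firewall host itself: loopback, replies, and SSH from the
    # Corporate LAN only (assumption: it is administered from there).
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i eth0 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    # Replies to connections that were allowed to start may flow back.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # One rule per permitted direction; the reverse direction has no
    # NEW rule and therefore falls through to the DROP policy.
    for pair in $ALLOWED_PAIRS; do
        in_if=${pair%%:*}
        out_if=${pair##*:}
        echo "-A FORWARD -i $in_if -o $out_if -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# new_allowed IN OUT: succeeds if the generated ruleset lets hosts behind
# interface IN start a connection towards hosts behind interface OUT.
new_allowed() {
    gen_rules | grep -q -- "^-A FORWARD -i $1 -o $2 .*--ctstate NEW -j ACCEPT$"
}
```

The output of `gen_rules` can be syntax-checked with `iptables-restore --test` before it is loaded. To limit the forwarded services, add `-p tcp --dport` matches to the NEW rules.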