LinuxQuestions.org
Old 08-15-2005, 10:10 AM   #1
saavik
Member
 
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES11 / FC20/ OES / CentOS
Posts: 601

Rep: Reputation: 32
DMZ-fli4l-smoothwall-nomachine


Hello!

I would like to access a Linux-Server via nomachine (ssh) from the internet.

So I am planning to get a fixed IP, a DMZ and so on.

Here is my question: How to do that and what tools to use?

Server (noMachine) <--------Intranet sending Data (files) to the server
............................|
............................|
Internet ----> FIREWALL

I do not want the Server to be able to enter the Intranet, so I first thought of 2 Firewalls like:

Server (noMachine) <- Firewall <---Intranet sending Data (files) to the server
............................|
............................|
Internet ----> FIREWALL

But now I think of:

Internet ----> Server (noMachine) <- Firewall <---Intranet sending Data (files) to the server
with active firewall
on the same hardware

1.) What about that?
2.) Can a router replace a firewall by just letting traffic to the Server/noMachine and not letting any traffic in the other direction?

Thanks
 
Old 08-16-2005, 06:59 PM   #2
joelkeeble
Member
 
Registered: Mar 2005
Posts: 50

Rep: Reputation: 15
I would suggest using ssh and having this as the only port open on your firewall. Also make sure it is the only daemon listening on the Linux machine.

ssh is secure so I wouldn't worry about people hacking it. (You could always run a firewall over it allowing connections from specific IP addresses only, though you can do this in ssh.)

In a word, NO, you can't only accept data transfer in one direction, as the server needs to send acknowledgement packets back to the client machine or vice versa.
 
Old 08-16-2005, 07:02 PM   #3
joelkeeble
Member
 
Registered: Mar 2005
Posts: 50

Rep: Reputation: 15
Not trying to be rude but the diagram makes no sense. You could have:

client machine --->ssh(client)-->firewall>---------------INTERNET-------------------<firewall<--ssh(daemon)<--server
 
Old 08-16-2005, 07:12 PM   #4
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
I think what you are after is something like this. A firewall machine with 3 network cards in it.
eth0 is connected to the internet
eth1 is your local intranet on a non routable class C address
eth2 to the dmz where the server(s) will be. It will be on another non routable class C address.

eth0 external IP
eth1 192.168.1.0/24
eth2 192.168.2.0/24

Set up iptables to do all the packet filtering. Lots of info here on the subject.

For the second question, a router does the same as a firewall. It would be easier, but would use 2 routers.
First router with external IP on the WAN and the internal set up as 192.168.1.0/24. This is where your server(s) will be located. Then with the second router, the outside port on it will be connected to the inside LAN port of the first router. Use an address like 192.168.1.10 for the WAN side and then make the LAN side of it 192.168.2.0. Now all you have to do is set up which port to forward to in the 192.168.1.0/24 area. On the second router no port forwarding is done, to protect the internal machines on the private LAN.

external IP > 1st router > 192.168.1.0/24(server(s)) > 192.168.1.10 > 2nd router > 192.168.2.0/24(lan machines)

If you want to add more security, all machines should run a firewall themselves.

Hope this helps out.
Brian1

Last edited by Brian1; 08-16-2005 at 07:28 PM.
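
One way to express the three-interface layout from the post above as an iptables policy, as an added example that is not code from the thread. The DMZ server address 192.168.2.10, SSH on port 22 and the intranet-to-internet rule are assumptions; the script only prints the ruleset and changes nothing on the machine.

```sh
#!/bin/sh
# Added example. Interface names and subnets follow the post; the DMZ server
# address, SSH port 22 and the LAN->internet rule are assumptions.
WAN_IF=eth0; LAN_IF=eth1; DMZ_IF=eth2
LAN_NET=192.168.1.0/24
DMZ_SERVER=192.168.2.10    # assumed address inside 192.168.2.0/24
SSH_PORT=22

# Print the policy in iptables-restore format (nothing is applied here).
dmz_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Internet -> external IP:22 is forwarded to the DMZ server only
-A PREROUTING -i $WAN_IF -p tcp --dport $SSH_PORT -j DNAT --to-destination $DMZ_SERVER:$SSH_PORT
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that were allowed below (the ACK packets)
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections: internet -> DMZ ssh, intranet -> DMZ ssh, intranet -> internet
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_SERVER -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $DMZ_SERVER -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
# Nothing lets the DMZ open a connection into the intranet; log attempts
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ-to-LAN drop: "
COMMIT
EOF
}

# Count FORWARD rules that ACCEPT traffic from interface $1 to interface $2.
forward_accepts() {
    dmz_ruleset | grep -c -- "^-A FORWARD -i $1 -o $2 .*-j ACCEPT" || true
}

# Refuse to emit a ruleset that would let the DMZ or internet reach the LAN.
if [ "$(forward_accepts "$DMZ_IF" "$LAN_IF")" -eq 0 ] &&
   [ "$(forward_accepts "$WAN_IF" "$LAN_IF")" -eq 0 ]; then
    dmz_ruleset
else
    echo "policy error: a rule accepts traffic into $LAN_NET" >&2
    exit 1
fi
```

To load the policy, pipe the output into `iptables-restore` as root on the firewall machine; IP forwarding (`net.ipv4.ip_forward=1`) must be enabled for the FORWARD rules to matter.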
 
Old 09-09-2005, 02:01 AM   #5
saavik
Member
 
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES11 / FC20/ OES / CentOS
Posts: 601

Original Poster
Rep: Reputation: 32
Thanks for your ideas so far!

I think I will do the following:

Install a firewall on the server (with only the ssh port open). Install nomachine on the server, and configure it to only accept ssh encrypted sessions. Then I place a router at the other side (eth1 internal network) and connect the server, which is connected to the internet via eth0, with a crossover cable to the router which will be connected to our intranet.

I think this will be OK, or not?

I simply would like not to use a firewall at the route to my Intranet, as I just would like to let NO traffic to my intranet. So I think this is as easy a rule as possible and a router would be the easiest way to establish this, no?
 
  


All times are GMT -5. The time now is 03:17 AM.
