Question/Advice:
I am setting up a webserver on a cable connection... which only has one IP.
Currently I have a linksys router running DHCP.
The server is configured with 2 net cards: eth0 is the untrusted one, with ports 80 & 443 open;
eth1 has all my other services bound to it: 21, 22, 3306, 10000, etc.
Because I am not experienced with firewalling and box hardening (I have done some of the basics to ensure security) I was planning on port forwarding from the linksys router to the server... obviously forwarding only ports 80 and 443 to the eth0 address (192.168.1.x).
This works fine, but I did not have any packet filtering in place, which is not good.
I found this great script at freshmeat_dot_net/projects/iptables-firewall/ that is easy to set up and implement... /arno-iptables-firewall.tgz
Problem is that I can't have the two nics on the same subnet, because the eth1 (trusted device) subnet is "accept everything", which effectively removes the firewall from eth0? Is there a workaround?
Am I making this unnecessarily complicated by leaving the linksys in place, or should I NAT through the webserver appliance and eliminate the linksys? I have very little experience with iptables and am relying on the script above and the use of the Webmin interface for iptables.
Your thoughts would be well received and greatly appreciated.
___________________
eth0 Link encap:Ethernet HWaddr 00:A0:C9:99:D:EE
inet addr:192.168.1.x Bcast:192.168.1.254 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth1 Link encap:Ethernet HWaddr 00:01:53:81:B6:39
inet addr:192.168.1.x Bcast:192.168.1.254 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
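An added example, not part of the original post or of the arno-iptables-firewall script: a minimal interface-scoped iptables policy for the two-NIC layout described above. It keys every ACCEPT rule on the arriving interface (-i eth0 / -i eth1), so the fact that both cards sit in 192.168.1.0/24 does not by itself open the admin ports on eth0. The interface names and port lists are taken from the post; the LAN range 192.168.1.0/24 is inferred from the netmask shown and is an assumption.

```shell
#!/bin/sh
# Interface-scoped iptables policy for the two-NIC host in the post (hypothetical
# example). Rules match on the arriving interface, not on the source subnet.
UNTRUSTED_IF=eth0
UNTRUSTED_PORTS="80 443"            # the only ports the Linksys forwards
TRUSTED_IF=eth1
TRUSTED_PORTS="21 22 3306 10000"    # internal services bound to eth1
TRUSTED_NET=192.168.1.0/24          # assumed LAN range behind the Linksys

# build_rules: print an iptables-restore ruleset; nothing is applied here.
build_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'       # default-deny inbound
    printf '%s\n' ':FORWARD DROP [0:0]'     # this host does not route
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback, and replies to connections this host opened itself.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Untrusted interface: only the two forwarded web ports, from anywhere.
    for p in $UNTRUSTED_PORTS; do
        printf '%s\n' "-A INPUT -i $UNTRUSTED_IF -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Trusted interface: admin services, and only from the LAN range.
    for p in $TRUSTED_PORTS; do
        printf '%s\n' "-A INPUT -i $TRUSTED_IF -s $TRUSTED_NET -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of whatever the default DROP policy is about to discard,
    # so an attempt to reach e.g. port 22 via eth0 shows up in the logs.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "'
    printf '%s\n' 'COMMIT'
}

# count_rules_for IFACE: number of INPUT ACCEPT rules scoped to that interface,
# a quick sanity check that eth0 really has only the web ports open.
count_rules_for() {
    build_rules | grep -c -- "-A INPUT -i $1 .*-j ACCEPT"
}

# apply_rules: load the whole policy atomically (needs root and iptables-restore).
apply_rules() {
    build_rules | iptables-restore
}

# Review the generated ruleset with `sh firewall.sh`; load it with `--apply`.
if [ "${1:-}" = "--apply" ]; then apply_rules; else build_rules; fi
```

Because the rules use -i rather than the subnet, swapping the Linksys for NAT on the server later only changes which interface is "untrusted", not the shape of the policy.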