LinuxQuestions.org
Old 02-14-2007, 09:21 AM   #1
patcito
LQ Newbie
 
Registered: Oct 2005
Posts: 10

Rep: Reputation: 0
trying to hide a server


Hey all,
I have a server (bill) connected to the internet through eth0 (public ip 212.34.228.48/28). This same server is connected through eth1 to another server (bob) (ip 192.168.1.1) which acts like a router to other computers in the network.
I want to make sure that server bob is not visible to the users accessing bill through the internet. Any idea what kind of rules I should set in my firewall on bill using iptables or ipforward?

Thanks in advance

Pat
 
Old 02-14-2007, 02:23 PM   #2
mgmax
Member
 
Registered: Jul 2005
Location: Erlangen, DE
Distribution: Debian testing/unstable
Posts: 82

Rep: Reputation: 16
An easy solution would be NAT routing just like an ADSL router does, but I'm sorry, I have absolutely no experience with Linux and firewalling. As this should be a standard case, you might look for tutorials for this.

Max
 
Old 02-15-2007, 09:25 PM   #3
MQMan
Member
 
Registered: Jan 2004
Location: Los Angeles
Distribution: Slack64 13.37
Posts: 535

Rep: Reputation: 36
Don't set up any port forwarding. Without that, nothing connecting to bill can see bob.

Set your firewall up on bill to protect bill.

Cheers.
 
Old 02-17-2007, 10:13 PM   #4
patcito
LQ Newbie
 
Registered: Oct 2005
Posts: 10

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by MQMan
Don't set up any port forwarding. Without that, nothing connecting to bill can see bob.

Set your firewall up on bill to protect bill.

OK, and in that case could you give the kind of commands you would use, please?
 
Old 02-18-2007, 12:35 AM   #5
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,114

Rep: Reputation: 312
Read up on iptables -- there are a number of good guides and howtos available on the net for it. In this case, what you want to do is have a rule on bill that rejects all packets bound to the internal 192.168.1.0/24 subnet that are not part of existing connections initiated from within. This is easy to do with the state module (-m state on the iptables command line). But it's hard to work up a complete configuration with the relatively limited information you have provided, so I'd suggest working through an iptables tutorial to try to set your own up and post back here for help if you can't seem to get it going.
 
Old 02-18-2007, 02:57 PM   #6
patcito
LQ Newbie
 
Registered: Oct 2005
Posts: 10

Original Poster
Rep: Reputation: 0
OK, here is the pic of the network. The router I want to hide from the internet is the one at the centre (192.168.1.1) connected to all the other routers and to the firewall.
http://p80.free.fr/net.jpg
 
Old 02-20-2007, 02:47 AM   #7
MQMan
Member
 
Registered: Jan 2004
Location: Los Angeles
Distribution: Slack64 13.37
Posts: 535

Rep: Reputation: 36
Is the "firewall" shown in your diagram a separate server, or is it a firewall running on the 192.168.1.1 server, as that makes a huge difference.

You implied in your 1st post, that bill and bob were different servers, but in that diagram, they appear to be different interfaces in the same server.

Cheers.
 
Old 02-20-2007, 06:18 AM   #8
Notwerk
Member
 
Registered: Apr 2005
Location: Jordan
Distribution: Debian (Sarge), Ubuntu (6.06)
Posts: 271

Rep: Reputation: 30
If I understand the diagram correctly, then (bill) is your firewall and (bob) is the gateway for the 192.168.1.0/24 network. In that case, you're in the uber-cool position to double NAT the 192.168.1.0/24 network, making access to it from outside very difficult.

The main idea is to run yet another firewall on (bob) and the 2 firewalls work together like this:

1. BILL
Set the FILTER table policies to DROP by default

FILTER-IN:
allow loopback device
allow traffic coming from (bob_ip)
allow RELATED and ESTABLISHED traffic

FILTER-FORWARD:
allow RELATED and ESTABLISHED traffic
allow traffic coming from (bob_ip)

FILTER-OUT:
allow loopback device
allow traffic going to (bob_ip)
allow traffic going out eth0

NAT-POSTROUTING
MASQUERADE all traffic coming from (bob_ip) and going out eth0

2. BOB
Set the FILTER table policies to DROP by default

FILTER-IN:
allow loopback device
allow traffic coming from (LAN_ip_range) network
allow RELATED and ESTABLISHED traffic

FILTER-FORWARD:
allow RELATED and ESTABLISHED traffic
allow traffic coming from (LAN_ip_range) network

FILTER-OUT:
allow loopback device
allow traffic going to (bill_ip)

NAT-POSTROUTING
MASQUERADE all traffic coming from (LAN_ip_range) and going to (bill_ip)
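
Added example, not part of any poster's configuration: the "1. BILL" plan from post #8 written out as an iptables-restore ruleset, which also contains the state-module rule described in post #5. It assumes eth0 is bill's internet side and eth1 faces bob at 192.168.1.1 (both from the first post); the `bill_ruleset` function name and the `-i eth1` match are additions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for bill that follows the
# "1. BILL" plan. Nothing is applied; the rules only go to stdout.

# bill_ruleset BOB_IP [WAN_IF] [LAN_IF]   (hypothetical helper name)
bill_ruleset() {
    bob_ip=$1 wan_if=${2:-eth0} lan_if=${3:-eth1}

    # Refuse anything that is not a plain dotted quad, so a typo cannot turn
    # the "traffic from bob" rules into a match on an unintended source.
    if ! printf '%s\n' "$bob_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "bill_ruleset: bad bob address: $bob_ip" >&2
        return 1
    fi

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# FILTER-IN. Any service bill itself offers to the internet needs its own
# ACCEPT rule here; the plan lists none.
# "-i $lan_if" is an addition to the plan: bob's address is only trusted
# when it arrives on the inside interface.
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan_if -s $bob_ip -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# FILTER-FORWARD: replies to connections opened from inside, plus new
# connections from bob. Nothing arriving on $wan_if can open one toward bob.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan_if -s $bob_ip -j ACCEPT
# FILTER-OUT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d $bob_ip -j ACCEPT
-A OUTPUT -o $wan_if -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NAT-POSTROUTING: masquerade only, no port forwarding rule anywhere.
-A POSTROUTING -s $bob_ip -o $wan_if -j MASQUERADE
COMMIT
EOF
}

bill_ruleset 192.168.1.1   # bob's address as given in the first post
```

Run as root, piping this output into `iptables-restore --test` parses the ruleset without committing it.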
 
Tags
hide, iptables, router
