Linux - Security forum, LinuxQuestions.org
Hello, can anyone help me with a firewall? I'm a newbie with these things, so I don't know them very well...
Ok, here is my setup. I have 5 IP addresses.
70.147.94.242 to 70.147.94.246
70.147.94.241 is my gateway to the world.
Elvis has 3 network cards in him. The first is connected to the Internet. It will have to carry all 5 of my IP addresses. The second card is connected to a private network. The private network is in the 192.168.2.x range. The second card has a fixed address of 192.168.2.1. The third network card is to be used as an extremely limited network. It can't talk to anything but the Internet. It CAN NOT talk to the subnet on the 2nd card. The third network card is in the 192.168.3.x range with the third NIC having a fixed IP of 192.168.2.3.
The public IP addresses have the following services...
70.147.94.242
(A) Accepts NO incoming connections. It should be a tarpit to anything that tries to connect to it.
(B) This is my NAT address. The subnet on 192.168.2.x (second NIC) will use this address for all outgoing traffic.
70.147.94.243
(A) Accepts HTTP and HTTPS - may support WebDav for selected addresses
(B) Accepts POP3 and SMTP
(C) Accepts FTP (from selected address only - port knocking perhaps)
(D) Accepts Squid
192.168.2.1
(A) SSH
(B) DNS (caching only)
(C) DHCP
(D) FTP
(E) HTTP
(F) HTTPS
(G) WebDav
(H) NAT for the entire subnet - 70.147.94.242 is what the subnet should use for its outgoing address
(I) Squid - transparent proxy although authentication is possible
192.168.2.3
(A) DNS (caching only)
(B) DHCP
Of course, if anyone attempts to brute force any of the services (connects more than X times per second) I want their address to be blocked and any connection states they currently have to be dropped.
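Since nobody in the thread posted actual rules, here is an added iptables rule set that approximates the layout described in the post above. It is example code written for this page, not something from the original poster or from fwbuilder. Interface names (eth0/eth1/eth2), the FTP client address 203.0.113.10, the ban thresholds, the use of 70.147.94.242 as the SNAT source for the third network as well, and the 192.168.3.x assignment for the third NIC (the post lists it as 192.168.2.3 while putting the network in 192.168.3.x) are all assumptions; a real TARPIT target needs xtables-addons, so the silent address is simply dropped here.

```shell
#!/bin/sh
# Added example, not from the thread: iptables rules approximating the posted
# setup. NIC names, ports, FTP_CLIENT and the ban timings are assumptions.
set -eu

DRY_RUN="${DRY_RUN:-}"          # non-empty: print the commands instead of running them
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }
ipt() { run iptables "$@"; }

WAN=eth0; LAN=eth1; DMZ=eth2    # assumed NICs: Internet, 192.168.2.x, 192.168.3.x
NAT_IP=70.147.94.242            # silent address, also the SNAT source
SRV_IP=70.147.94.243            # public services
LAN_IP=192.168.2.1
LAN_NET=192.168.2.0/24; DMZ_NET=192.168.3.0/24
FTP_CLIENT=203.0.113.10         # assumed "selected address" allowed to use FTP
HITS=5; WINDOW=1; BAN=600       # >= HITS new connections per WINDOW s => banned BAN s

base_policy() {
    ipt -F; ipt -X; ipt -t nat -F; ipt -t nat -X
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Banned sources are dropped BEFORE the ESTABLISHED accept, so their live
    # connections die too (the "drop current connection states" requirement).
    # --update refreshes the timestamp, so a host that keeps trying stays banned.
    ipt -A INPUT -i "$WAN" -m recent --name banned --update --seconds "$BAN" -j DROP
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # .242 never answers. Replace DROP with TARPIT if xtables-addons is installed.
    ipt -A INPUT -i "$WAN" -d "$NAT_IP" -j DROP
}

rate_limit_chain() {
    # Every NEW public connection passes through here: too many per second
    # from one source adds it to the "banned" list checked in base_policy.
    ipt -N RATE_LIMIT
    ipt -A RATE_LIMIT -m recent --name hits --set
    ipt -A RATE_LIMIT -m recent --name hits --rcheck --seconds "$WINDOW" --hitcount "$HITS" -j BAN
    ipt -A RATE_LIMIT -j ACCEPT
    ipt -N BAN
    ipt -A BAN -m recent --name banned --set -j LOG --log-prefix "FW-BAN: "
    ipt -A BAN -j DROP
}

public_services() {
    # NEW TCP to .243: HTTP/HTTPS (WebDAV rides on these), SMTP, POP3, Squid.
    # Squid on a public address is an open proxy unless it authenticates.
    # FTP only from FTP_CLIENT; port knocking would replace the -s match.
    ipt -A INPUT -i "$WAN" -d "$SRV_IP" -p tcp -m multiport --dports 80,443,25,110,3128 \
        -m conntrack --ctstate NEW -j RATE_LIMIT
    ipt -A INPUT -i "$WAN" -d "$SRV_IP" -p tcp --dport 21 -s "$FTP_CLIENT" \
        -m conntrack --ctstate NEW -j RATE_LIMIT
}

lan_services() {
    # 192.168.2.1: SSH, DNS, DHCP, FTP, HTTP(S)/WebDAV, Squid; port 80 from the
    # LAN that is not aimed at the gateway itself is redirected into Squid.
    ipt -A INPUT -i "$LAN" -p tcp -m multiport --dports 22,53,21,80,443,3128 -j ACCEPT
    ipt -A INPUT -i "$LAN" -p udp -m multiport --dports 53,67 -j ACCEPT
    ipt -t nat -A PREROUTING -i "$LAN" ! -d "$LAN_IP" -p tcp --dport 80 -j REDIRECT --to-ports 3128
}

dmz_services() {
    # Third NIC: caching DNS and DHCP only.
    ipt -A INPUT -i "$DMZ" -p tcp --dport 53 -j ACCEPT
    ipt -A INPUT -i "$DMZ" -p udp -m multiport --dports 53,67 -j ACCEPT
}

forward_rules() {
    # Both private networks reach the Internet; DMZ<->LAN is logged and dropped
    # explicitly so the isolation does not rest on the default policy alone.
    ipt -A FORWARD -i "$DMZ" -o "$LAN" -j LOG --log-prefix "FW-ISOLATION: "
    ipt -A FORWARD -i "$DMZ" -o "$LAN" -j DROP
    ipt -A FORWARD -i "$LAN" -o "$DMZ" -j DROP
    ipt -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" -j ACCEPT
    ipt -A FORWARD -i "$DMZ" -o "$WAN" -s "$DMZ_NET" -j ACCEPT
    # The post names .242 as the outgoing address for 192.168.2.x only;
    # using it for the third network as well is an assumption.
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$LAN_NET" -j SNAT --to-source "$NAT_IP"
    ipt -t nat -A POSTROUTING -o "$WAN" -s "$DMZ_NET" -j SNAT --to-source "$NAT_IP"
}

apply() {
    run sysctl -q -w net.ipv4.ip_forward=1
    run modprobe nf_conntrack_ftp || true   # lets RELATED match passive FTP data
    base_policy; rate_limit_chain; public_services
    lan_services; dmz_services; forward_rules
}

# Without --apply the script only prints the rules it would load.
if [ "${1:-}" = "--apply" ]; then apply; else DRY_RUN=1; apply; fi
```

The public addresses themselves are not iptables' job: .242 to .246 still have to be configured on the Internet-facing NIC (for example with `ip addr add`), and the order inside `base_policy` matters, because moving the `banned` check below the ESTABLISHED accept would let an attacker's existing sessions survive the ban.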
The last time I had to control a network like that with iptables, I used fwbuilder.
It's a nice frontend for an iptables-based firewall, and looking at a network like yours, I think you can manage it with this great tool.
I'll second the suggestion for fwbuilder. I come from a Checkpoint background, and fwbuilder is the only firewall interface I have found that I like as much (other than the FortiGate boxes that I have deployed at some clients now). Fwbuilder with iptables, and kiwisyslog viewer for color coding logs is a great combination.
Didn't know that last one... gonna take a look at it!