Dear LINUX GURUS,

is this possible on 2 Linux boxes will act as a INTERNET Firewall + Filtering:

1st PC = CENTOS 5.5
functions as a firewall using iptables with two NICS 1=ETH0 connected to internet with a public ip and 1=ETH1 with ip address of 10.0.0.1 connected to the 2nd PC Centos 5.5 with squid/dansguardian with ip address of 10.0.0.2


2nd PC = Centos 5.5
functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of 10.0.0.2 connected to the ETH1 of the 1st PC with ip address of 10.0.0.1 and 2nd ETH1=connected to LAN (172.16.1.0/24)

does this make sense?

this might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them that they have to pass through 10.0.0.1 - 2.

help

What I understand is, Your previous sysadmin can access ssh from the internet. and you want to prevent him to access your internal network.

If you don't want to access ssh from internet create iptables rule that deny access on your first PC :

#iptables -t INPUT -i eth0 -p tcp --dport 22 -j DROP.

You can also use knockd service to access ssh from internet.

but does this example possible? I mean is this applicable:



INTERNET (120.80.13.69) 2nd NIC (10.0.0.1) SQUID (10.0.0.2) LAN(172.16.1.1)
ETH0 -----------------> ETH1 ----------------> ETH0 -----------> ETH1