Software Gateway/Firewall
I have set up a test lab at work to implement and play around with a few servers. All servers in the test lab are located in their own non-NAT subnet that has access to all LAN subnets, but any WAN/Internet traffic is blocked by the routers.
However, for some services I need outside access. And in some cases, I want to completely block all traffic to the internal LAN. Instead of asking the networking team to just open up the subnet and configure firewalls on all servers, I thought it would be interesting (and more efficient) to set up a custom gateway/firewall for the entire subnet.
I started configuring the gateway with two NICs - eth0 is for the internal subnet, eth1 is on a subnet that's open to the world. OK, and here is where I need help. How do I accomplish the rest? Packet forwarding via iptables, like a simple -A FORWARD -i eth0 -o eth1 -j ACCEPT? Do I need to put both NICs into promiscuous mode?
eth0 is xxx.xxx.71.10, eth1 is xxx.xxx.65.10
The plan is to configure all network clients with xxx.xxx.71.10 as their gateway, so I can open/close the firewall on the gateway for certain services (for updates, access for test clients in the 65 subnets, etc.)
Addendum: Right now, I have set up IP forwarding via iptables, enabled ip_forward via sysctl and some things seem to work, but not entirely. Outgoing traffic works great, but only on the LAN (internal network, 65 and beyond), but that's it, no access to the outside world. What did I miss?
Thanks for your help,
Pat
Last edited by init.p; 09-18-2008 at 07:06 PM.
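The two-NIC gateway described in the post, written up as a stateful default-deny forwarding ruleset (an added example, not the poster's configuration). Interface roles follow the post; the lab prefix (an RFC 5737 placeholder standing in for the masked .71 subnet), the allowed service ports and the optional SNAT step are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: a stateful two-NIC gateway
# ruleset for the lab described above. Interface roles follow the post;
# the lab prefix (RFC 5737 placeholder for the masked .71 subnet), the
# allowed service ports and the optional SNAT step are assumptions.
set -eu

LAN_IF=eth0                           # internal test-lab subnet
WAN_IF=eth1                           # subnet that is open to the world
LAN_NET=${LAN_NET:-192.0.2.0/24}      # placeholder for xxx.xxx.71.0/24
ALLOW_TCP=${ALLOW_TCP:-"53 80 443"}   # services the lab may reach (assumed)
ALLOW_UDP=${ALLOW_UDP:-"53 123"}
SNAT=${SNAT:-0}                       # 1 if upstream has no route back to LAN_NET
DRY_RUN=${DRY_RUN:-1}                 # print rules by default; DRY_RUN=0 applies

# Echo or execute, so the ruleset can be reviewed before touching a live box.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

gateway_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # Forwarding is default-deny. No promiscuous mode is needed: clients
    # address the gateway's MAC, so the kernel routes the packets itself.
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    # Replies to connections opened from the lab may come back in.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only the listed services may be initiated from the lab side.
    for p in $ALLOW_TCP; do
        run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
            -p tcp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    for p in $ALLOW_UDP; do
        run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" \
            -p udp --dport "$p" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Inbound attempts fall through to the DROP policy; log a sample of them.
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate NEW \
        -m limit --limit 5/min -j LOG --log-prefix "gw-drop-in: "
    # If the routers beyond eth1 cannot route LAN_NET back via this box,
    # source-NAT the lab behind eth1's address so replies find their way home.
    if [ "$SNAT" = 1 ]; then
        run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
    fi
}

gateway_rules
```

Run it as-is to review the generated rules, then `DRY_RUN=0 sh gw.sh` (as root) to apply them; set `SNAT=1` only if the 65-side routers have no route back to the lab prefix.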