Location: Baltimore,MD,USA,Earth,Some Galaxy, We haven't gone that far!
Distribution: Redhat 7.3
Posts: 104
Iptables Firewall script.
Guys, I need an ipchains or iptables firewall script that fits the following diagram..
There will be 3 NICs on the firewall server. One of them will open up to the internet, one of them is for our local network and the last one is for our servers (WEB, DNS, MAIL).
Any luck that I can find an ipchains firewall script suitable for this situation??
Thank you..
But seriously, would you ever trust anyone here to fully write an iptables script securely? I sure wouldn't if I were that concerned with security. I'd also like to note that I have *zero* clue what your diagram means. I can assume you have the three NICs, of which eth2 is connected to the internet, eth0 connected to a server net, and eth1 connected to a private subnet.
I will be glad to try and help you create your *own* iptables script, but I really need some clarity in your situation.
1. Eth0 subnet is? This NIC controls what domain? (Internet, Servers, Private)
2. Eth1 subnet is? This NIC controls what domain?
3. Eth2 subnet is? This NIC controls what domain?
4. Are all NICs in the Linux box?
5. Do you want each subnet to hit the internet, as well as each other?
6. Ipchains == Firewall in the case you need. Don't separate them, and use iptables as IMHO it's easier and more secure.
7. Do you only have one Internet IP?
Be very detailed and you'll get answers faster here!
Original Poster
Oh my god!!
My diagram..??!??
How the heck did it take that shape? It's not what I drew! Even I don't have an idea what it looks like..
I'm very sorry about that.
Ok, let me clear my diagram in my own "words" then..
First of all,
There will be 3 NIC cards in the "same" Linux box.
- The first NIC (eth0) will be the only one to be exposed to the internet. It'll have a static IP.
- My second NIC will be serving my servers. It doesn't need to be connected to the internet separately, it'll get its connection from eth0. (This one has an IP, let's say 192.168.0.1; this NIC will share its connection via a switch to 3 servers.)
- My third NIC card will be used only for my local network (workstations, print server etc.)
I can use as many static IPs as I want. No restriction is applied on bandwidth either.
Gathering all the NICs under the same domain would be fine?
Or should I separate them all?
Well, this is the basic idea of what I wanna do.
Thanks in advance.
I'd give eth2 192.168.1.1 or something similar.
The firewall script you may use is a standard firewalling script (only looking at packets coming from/to eth0). It's harder to configure it to route well, but not hard. Read man route, man ifconfig and man iptables.
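An added example of such a three-NIC script, not from the thread or any of its posters: it assumes eth0 is the internet-facing NIC, eth1 the server segment on 192.168.0.0/24 (as the poster described) and eth2 the workstation LAN on 192.168.1.0/24 (as suggested above), with constructed server addresses. It goes a step beyond the reply by also filtering between the server and LAN segments rather than looking only at eth0, so that a compromised server cannot reach the workstations.

```shell
#!/bin/sh
# Three-NIC firewall: eth0 = internet (static IP), eth1 = server segment
# (192.168.0.1/24, from the thread), eth2 = workstation LAN (192.168.1.1/24,
# as suggested). Server addresses below are constructed for the example.
# IPT defaults to "echo" so the script only prints the rules (dry run);
# run it as IPT=iptables to apply them on the firewall box.
IPT="${IPT:-echo}"
WAN=eth0; DMZ=eth1; LAN=eth2
DMZ_NET=192.168.0.0/24; LAN_NET=192.168.1.0/24
WEB=192.168.0.10; DNS=192.168.0.11; MAIL=192.168.0.12   # constructed

fw_rules() {
  $IPT -F; $IPT -t nat -F; $IPT -X
  # Default deny for traffic to and through the box; the box itself may talk out
  $IPT -P INPUT DROP; $IPT -P FORWARD DROP; $IPT -P OUTPUT ACCEPT
  # Anti-spoofing: packets from the internet must not claim internal addresses
  for net in $DMZ_NET $LAN_NET; do
    $IPT -A INPUT -i $WAN -s $net -j DROP
    $IPT -A FORWARD -i $WAN -s $net -j DROP
  done
  # Loopback, plus replies to connections we already allowed
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Administer the firewall only from the workstation LAN
  $IPT -A INPUT -i $LAN -s $LAN_NET -p tcp --dport 22 -j ACCEPT
  # LAN may initiate to the internet and to the servers; servers only outward,
  # so a compromised server cannot reach the workstations
  $IPT -A FORWARD -i $LAN -o $WAN -s $LAN_NET -j ACCEPT
  $IPT -A FORWARD -i $LAN -o $DMZ -s $LAN_NET -d $DMZ_NET -j ACCEPT
  $IPT -A FORWARD -i $DMZ -o $WAN -s $DMZ_NET -j ACCEPT
  # Internet -> servers: only the published services, forwarded by DNAT
  for svc in "tcp 80 $WEB" "tcp 443 $WEB" "udp 53 $DNS" "tcp 53 $DNS" "tcp 25 $MAIL"; do
    set -- $svc
    $IPT -t nat -A PREROUTING -i $WAN -p $1 --dport $2 -j DNAT --to-destination $3
    $IPT -A FORWARD -i $WAN -o $DMZ -p $1 -d $3 --dport $2 -m state --state NEW -j ACCEPT
  done
  # Hide both internal segments behind the static internet address
  $IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE
  # Log (rate limited) what the default DROP policy is about to discard
  $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
  # Routing between NICs only happens once forwarding is switched on
  [ "$IPT" = iptables ] && echo 1 > /proc/sys/net/ipv4/ip_forward
  return 0
}
```

Run it once as a dry run and read the printed rules against the diagram before applying them with IPT=iptables; the state matching uses the older `-m state` module that the Red Hat 7.3 era kernel shipped with.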