LinuxQuestions.org
04-05-2002, 01:12 PM   #1
Stingreen
Member
 
Registered: May 2001
Location: Baltimore,MD,USA,Earth,Some Galaxy, We haven't gone that far!
Distribution: Redhat 7.3
Posts: 104

Rep: Reputation: 15
Iptables Firewall script.


Guys, I need an ipchains or iptables firewall script that should fit the following diagram..

There will be 3 NICs on the firewall server. One of them will open up the internet. One of them is for our local network and the last one is for our servers (WEB, DNS, MAIL).
Any luck that I can find an ipchains firewall script suitable for this situation??
Thank you..


INTERNET
|
|
eth2
------------------
|160.75.5.5 | Server Network
| | eth0
| |----------------------------------------------
| LINUX |
| IPCHAINS | 212.2.2.1 | | |
| FIREWALL | | | |
|192.168.1.1 | | | |
----------------- - -------- ------- -------
| eth1 | WWW | |SMTP | |DNS |
|192.168.1.1 -------- ------- -------
| 212.2.2.2 212.2.2.3 212.2.2.4
Local LAN
 
04-05-2002, 03:25 PM   #2
jrmann1999
Member
 
Registered: Feb 2001
Location: Texas
Distribution: Slackware, Mandrake, LFS
Posts: 306

Rep: Reputation: 30
two words:

# man iptables

But seriously, would you ever trust anyone here to fully write an iptables script securely? I sure wouldn't if I was that concerned with security. I'd also like to note that I have *zero* clue what your diagram means. I can assume you have the three nics, of which eth2 is connected to the internet, eth0 connected to a server net, and eth1 connected to a private subnet.

I will be glad to try and help you create your *own* iptables script, but I really need some clarity in your situation.

1. Eth0 subnet is? This nic controls what domain?(Internet, Servers, Private)
2. Eth1 subnet is? This nic controls what domain?
3. Eth2 subnet is? This nic controls what domain?
4. Are all nics in the linux box?
5. Do you want each subnet to hit the internet, as well as each other?
6. Ipchains == Firewall in the case you need. Don't separate them, and use iptables as IMHO it's easier and more secure.
7. Do you only have one Internet IP?

Be very detailed and you'll get answers faster here!

J
 
04-05-2002, 05:19 PM   #3
Stingreen
Member
 
Registered: May 2001
Location: Baltimore,MD,USA,Earth,Some Galaxy, We haven't gone that far!
Distribution: Redhat 7.3
Posts: 104

Original Poster
Rep: Reputation: 15
Oh my god!!
My diagram..??!??
How the heck did it take that shape? It's not what I drew! Even I don't have an idea what it looks like..
I'm very sorry about that.

Ok, let me clear my diagram in my own "words" then..
First of all,
There will be 3 NIC cards in the "same" linux box.
-The first NIC (eth0) will be the only one to be exposed to the internet.
It'll have a static IP.
-My second NIC will be serving my servers. It doesn't need to be connected to the internet separately; it'll get its connection from eth0. (This one has an IP, let's say 192.168.0.1; this NIC will share its connection via a switch to 3 servers.)
-My third NIC card will be used only for my local network (workstations, print server etc.)

I can use as many static IPs as I want. No restriction is applied on bandwidth either.

Gathering all the NICs under the same domain would be fine?
Or should I separate them all?
Well, this is the basic idea of what I wanna do.
Thanks in advance.

Last edited by Stingreen; 04-05-2002 at 10:31 PM.
 
04-06-2002, 07:46 PM   #4
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232

I'd give eth2 192.168.1.1 or something similar.
The firewall script you may use is a standard firewalling script (only looking at packets coming from/to eth0). It's harder to configure it to route well, but not hard. Read man route, man ifconfig and man iptables.
 
04-11-2002, 08:24 AM   #5
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Try this tutorial...

http://www.linuxsecurity.com/resourc...bles-Tutorial/

There is a DMZ example to try and then adjust for your needs.

Also, make sure you read all the tutorial first, it will save going back several times to follow Oskar's strategy.

Rgds.
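
A ruleset for the three-interface layout described in post #3, added here as an example and not written by any poster in the thread or taken from the linked tutorial. It assumes eth1 is the server NIC and eth2 the LAN NIC, a 192.168.1.0/24 LAN, constructed server addresses 192.168.0.2-4, and SSH administration from the LAN; new connections from the server network to the LAN match no rule and fall to the FORWARD DROP policy.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a three-NIC firewall.
# Assumed values (not from the thread): server IPs, LAN subnet, SSH admin port.
WAN_IF=eth0; DMZ_IF=eth1; LAN_IF=eth2
DMZ_NET=192.168.0.0/24; LAN_NET=192.168.1.0/24
WWW=192.168.0.2; SMTP=192.168.0.3; DNS=192.168.0.4   # constructed addresses

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Publish the three services that sit behind the server NIC
-A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WWW
-A PREROUTING -i $WAN_IF -p tcp --dport 25 -j DNAT --to-destination $SMTP
-A PREROUTING -i $WAN_IF -p udp --dport 53 -j DNAT --to-destination $DNS
-A PREROUTING -i $WAN_IF -p tcp --dport 53 -j DNAT --to-destination $DNS
# Both private networks leave through the single exposed interface
-A POSTROUTING -o $WAN_IF -s $DMZ_NET -j MASQUERADE
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the firewall itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
# Routed traffic: replies first, then only the listed new connections
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $WWW -p tcp --dport 80 -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $SMTP -p tcp --dport 25 -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DNS -p udp --dport 53 -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DNS -p tcp --dport 53 -j ACCEPT
# LAN hosts may open connections to the Internet and to the servers
-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
# Servers may only send mail and resolve names outbound
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $SMTP -p tcp --dport 25 -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $DNS -p udp --dport 53 -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $DNS -p tcp --dport 53 -j ACCEPT
# Nothing lets the server network open a connection into the LAN
COMMIT
EOF
}

gen_rules
```

Pipe the output to `iptables-restore --test` to check the syntax before loading it; routing between the interfaces also requires `net.ipv4.ip_forward=1`.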
 
  

