LinuxQuestions.org
Old 10-03-2004, 10:51 AM   #1
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 474

Rep: Reputation: 30
Question setting up a linux server + firewall + nat


Hello everybody,
Please tell me if my approach for the following situation is correct. I want to have everything clear in my mind before starting to configure my linux box.

I have a dual NIC linux box which will perform the following functions: a) NAT b) firewall c) http, ftp, dns etc server
I want my servers to be accessible both from the inside and from the outside.

I'll configure the servers to listen on my private IP. For the hosts which want to access them from the outside I'll configure DNAT (ex: connections to 195.x.x.x:80 will be translated to 10.x.x.x:80).

Is this approach good? Is there any other solution?


Thanks,
ddaas
 
Old 10-03-2004, 12:59 PM   #2
r0b0
Member
 
Registered: Aug 2004
Location: Europe
Posts: 608

Rep: Reputation: 50
Looks Ok to me.
 
Old 10-04-2004, 05:05 AM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
you don't wanna do DNAT for daemons running on the gateway machine itself...

just set your daemons to listen on both interfaces, and create appropriate rules in the INPUT chain...
 
Old 10-04-2004, 04:48 PM   #4
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 474

Original Poster
Rep: Reputation: 30
Thanks a lot !
Could you tell me why your solution is better than the one I was thinking about?
Is it just that the router doesn't have to do DNAT, or is there something else, too?

Thanks,
ddaas
 
Old 10-14-2004, 09:20 AM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
DNAT: Destination Network Address Translation

you use this when you need to change the destination address on a packet...

for example, if you want all tcp packets that hit the router on port 80 to be forwarded to a web server on your LAN, you'd use DNAT to change the destination address on the packets to the address of the web server on your LAN...

if the web server is running on the router itself, then you don't need to do any translation at all, because the destination address on the packets will already be the right one...
 
Old 10-14-2004, 09:48 AM   #6
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 474

Original Poster
Rep: Reputation: 30
I understood.
Thanks a lot.

ddaas
 
Old 10-14-2004, 09:58 AM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
A better setup would be to run the daemons (http, ftp, etc.) on a separate machine, rather than on the firewall itself. Then just forward packets from the firewall system to the server either in the LAN or ideally in a DMZ. Running them on the firewall itself can be dangerous (i.e. an Apache exploit could potentially compromise your entire LAN).
 
Old 10-14-2004, 06:42 PM   #8
anacOndazz
LQ Newbie
 
Registered: Oct 2004
Location: Europe
Distribution: Knoppix
Posts: 18

Rep: Reputation: 0
I have to agree with Capt. Caveman.
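
The two layouts discussed in this thread, side by side, as an added example that is not from any of the posters: daemons on the gateway itself (INPUT rules, no DNAT) and daemons on a separate DMZ server (DNAT plus FORWARD rules). The script only prints `iptables-restore` rulesets; interface names, addresses and the service list are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints iptables-restore rulesets, applies nothing itself.
# Interface names, addresses and services are constructed placeholders.
WAN_IF=eth0; LAN_IF=eth1; DMZ_IF=eth2
WAN_IP=203.0.113.10   # gateway's public address
SRV_IP=10.0.1.80      # separate server in a DMZ (layout B only)
SERVICES="tcp:80 tcp:53 udp:53"
NEW="-m conntrack --ctstate NEW -j ACCEPT"

# Shared by both layouts: default-drop filter table, replies allowed back,
# LAN hosts allowed out through the outside interface.
filter_head() {
  printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" \
    ":OUTPUT ACCEPT [0:0]" "-A INPUT -i lo -j ACCEPT" \
    "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
    "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
    "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
}

# Layout A: daemons run on the gateway. Packets addressed to the gateway are
# delivered locally, so INPUT rules are enough and no DNAT rule is emitted.
ruleset_local() {
  filter_head
  for s in $SERVICES; do
    printf '%s\n' "-A INPUT -p ${s%%:*} --dport ${s##*:} $NEW"
  done
  printf '%s\n' "COMMIT" "*nat" "-A POSTROUTING -o $WAN_IF -j MASQUERADE" "COMMIT"
}

# Layout B: daemons run on a separate DMZ host. The gateway exposes no service
# ports in INPUT; it rewrites the destination and filters in FORWARD.
ruleset_dmz() {
  filter_head
  for s in $SERVICES; do
    printf '%s\n' "-A FORWARD -o $DMZ_IF -d $SRV_IP -p ${s%%:*} --dport ${s##*:} $NEW"
  done
  printf '%s\n' "COMMIT" "*nat"
  for s in $SERVICES; do
    printf '%s\n' "-A PREROUTING -d $WAN_IP -p ${s%%:*} --dport ${s##*:} -j DNAT --to-destination $SRV_IP"
  done
  printf '%s\n' "-A POSTROUTING -o $WAN_IF -j MASQUERADE" "COMMIT"
}

case "${1:-}" in
  local) ruleset_local ;;
  dmz)   ruleset_dmz ;;
esac
```

Run it with the argument `local` or `dmz`, and check the printed ruleset with `iptables-restore --test` before loading it.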
 
  

