joris
07-25-2001, 06:35 AM
Dear Linux Newbies,
I am trying to build a firewall on my brand new system. I have already set up IP filtering from and to the Ethernet adapters (eth0 and eth1) of the firewall.
Next, what I would like to do is use NAT and iptables to make my private systems available to other systems coming from the Internet.
An example:
 --------      ----------      ---------
| client | -- | firewall | -- | server1 |
 --------      ----------  |   ---------
                           |   ---------
                           -- | server2 |
                               ---------
IP client: 0.0.0.0/0 (any address)
IP firewall (eth1, Internet): 1.2.3.4
IP firewall (eth0, private): 172.16.1.1
server1 (private): 172.16.1.2
server2 (private): 172.16.1.3
I would like the following:
1. private server1
------------------
from client to firewall
source address: 0.0.0.0 (any port)
destination: 1.2.3.4 (port 2400)
from firewall to client
source address: 1.2.3.4 (port 2400)
destination: 0.0.0.0 (any)
(all packets except SYN requests for a new TCP/IP session)
The firewall translates the address from 1.2.3.4:2400 to 172.16.1.2:2400 and lets the client make a connection to my private server.
No connections from my private server are allowed over port 2400 to the Internet clients.
2. Same as private server1, but then to private server2 and port 2500.
3. All other traffic (other TCP/UDP ports) from and to my private servers needs to be blocked.
Does anybody have an idea how to configure this with iptables and NAT?
Please let me know so I can finish my firewall and finally connect to the Internet in a secure way.
Joris Smits
joris@treedata.nl
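An added example, not part of Joris's post or of any reply on this page: a rule set that implements the three requirements above with iptables DNAT. It assumes a Linux firewall with the iptables nat and state modules loaded; the interface names and addresses are the ones from the post, and IPT and SYSCTL are assumed knobs so the script can be dry-run with IPT=echo before it is applied as root.

```shell
#!/bin/sh
# Added example, not from the original post: iptables port forwarding (DNAT)
# for the topology Joris describes. Assumptions: Linux with iptables and the
# nat/state modules; IPT and SYSCTL default to the real tools but can be set
# to "echo" for a dry run that only prints the commands.
set -e

IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"

WAN_IF=eth1; WAN_IP=1.2.3.4      # Internet side (from the post)
LAN_IF=eth0                      # private side (from the post)
# private-ip:port pairs published on WAN_IP under the same port number
FORWARDS="172.16.1.2:2400 172.16.1.3:2500"

# Start from empty chains and a deny-by-default FORWARD policy, so anything
# not explicitly forwarded below (requirement 3) is dropped.
reset_forwarding() {
    $IPT -F FORWARD
    $IPT -t nat -F PREROUTING
    $IPT -P FORWARD DROP
    $SYSCTL -w net.ipv4.ip_forward=1
}

# Packets of an already-accepted connection may pass in both directions; this
# is what carries the server's replies (including its SYN-ACK) back to the
# client. No rule accepts NEW from eth0, so the servers cannot open
# connections towards the Internet, on port 2400/2500 or any other.
allow_established() {
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Publish WAN_IP:port as ip:port. DNAT in PREROUTING rewrites the destination
# before routing; the FORWARD rule then sees the private address and only
# admits the initial connection attempt (state NEW) from the Internet side.
# Connection tracking undoes the translation on the reply packets.
forward_port() {
    ip=$1; port=$2
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$WAN_IP" --dport "$port" \
        -j DNAT --to-destination "$ip:$port"
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$ip" --dport "$port" \
        -m state --state NEW -j ACCEPT
}

apply_rules() {
    reset_forwarding
    allow_established
    for entry in $FORWARDS; do
        forward_port "${entry%:*}" "${entry#*:}"
    done
}

case "${1:-show}" in
    apply) apply_rules ;;                          # run as root on the firewall
    show)  IPT=echo; SYSCTL=echo; apply_rules ;;   # dry run: print the commands
esac
```

Run it without arguments to see the exact iptables commands, and with `apply` as root to load them. The script only touches the FORWARD chain and the nat PREROUTING chain; the INPUT and OUTPUT filtering the post says is already in place on eth0/eth1 is left alone. Two caveats a practitioner should weigh: with FORWARD policy DROP the private servers cannot initiate anything outbound, not even DNS, which is what requirement 3 asks for but is worth confirming with the server owners; and on current iptables `-m state` is a compatibility alias for `-m conntrack --ctstate`, which does the same thing here.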