* [LARTC] Firewal + Routing
From: Mihai Vlad @ 2003-09-18 20:54 UTC
  To: lartc

Hello again.

Suppose I have the following setup:

      |-----------|                             |-----------|
LAN<--|---eth0 ---| <------LINUX Router-------> |---eth1 ---|------>INTERNET
      |-----------|                             |-----------|

eth0 = 192.168.0.1  (LAN)
eth1 = 194.105.23.2 (INTERNET)	

As a basic configuration my Linux box is in fact a NAT box and an
"iptables-based" firewall.
The box works excellently for protecting my LAN.

Now, I have bought a class of 8 IPs (real ones). Those IPs were routed
by my ISP to my little Linux box.
I have assigned 5 of these 8 IPs to some computers in my LAN, as they
need real IPs on them.
One of them is placed on an alias to eth0. (eth0:0 = 213.154.255.209).

The new gateway for these 5 computers is in fact 213.154.255.209
(eth0:0), and as far as my judgment goes they are completely exposed
to attacks.

Is there any possibility to make my Linux box work as a firewall, not
only for the NAT-ed machines, but also for these 5 computers that have
real IPs?

Thanks in advance.
 


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* RE: [LARTC] Firewal + Routing
From: Daniel Chemko @ 2003-09-18 21:18 UTC
  To: lartc

You can, but you will need a third NIC in the machine to make it clean.

http://bridge.sourceforge.net/
This site has a lot of reference material in order to actually pull it
off.

Basically, you place the 5 PCs on their own network with your existing
Firewall with the new third NIC plugged into it.

The Firewall forwards (bridges) any traffic sent to your public IP
computers. The internal bridging logic of Linux once configured will
route those packets to the third interface transparently. The only
effective change here is that now you can control the channel between
those computers and the internet, hence allowing for those machines to
be firewall protected.

>Is there any possibility to make my Linux box work as a firewall, not
>only for the NAT-ed machines, but also for 
>these 5 computers that have real IP's?

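
One way to express the filtering the reply describes, as an added example that is not part of the original thread: a script that prints iptables commands for a dedicated chain covering the public-IP hosts. Assumed here: the third NIC is eth2, the routed block is 213.154.255.208/29 (the /29 containing 213.154.255.209), the LAN is 192.168.0.0/24, and the chain name PUBHOSTS and the per-host services are constructed.

```shell
#!/bin/sh
# Added example: print (do not run) iptables commands for the public-IP segment.
PUB_NET="213.154.255.208/29"  # assumption: the /29 that contains 213.154.255.209
LAN_NET="192.168.0.0/24"      # assumption: netmask of the NAT-ed LAN behind eth0
# Assumption: third NIC is eth2 and the segment is routed. On a bridge with
# bridge-netfilter, match the port with "-m physdev --physdev-in eth2" instead.
DMZ_IN="-i eth2"
# Constructed allow-list of inbound services, one "host proto port" per line.
ALLOW_IN="213.154.255.210 tcp 80
213.154.255.210 tcp 443
213.154.255.211 tcp 25"

gen_rules() {
    echo "iptables -N PUBHOSTS"
    # Replies to connections that were already allowed in either direction.
    echo "iptables -A PUBHOSTS -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A PUBHOSTS -m state --state INVALID -j DROP"
    # A compromised public host must not reach the NAT-ed LAN.
    echo "iptables -A PUBHOSTS $DMZ_IN -d $LAN_NET -j DROP"
    # Public hosts may open connections outwards.
    echo "iptables -A PUBHOSTS $DMZ_IN -s $PUB_NET -m state --state NEW -j ACCEPT"
    # The same source addresses arriving on any other interface are spoofed.
    echo "iptables -A PUBHOSTS -s $PUB_NET -j DROP"
    # Inbound: only the listed host/port pairs.
    echo "$ALLOW_IN" | while read -r host proto port; do
        [ -n "$host" ] || continue
        echo "iptables -A PUBHOSTS -d $host -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "iptables -A PUBHOSTS -j LOG --log-prefix 'PUBHOSTS drop: '"
    echo "iptables -A PUBHOSTS -j DROP"
    # Send everything to or from the public block through the chain.
    echo "iptables -I FORWARD 1 -s $PUB_NET -j PUBHOSTS"
    echo "iptables -I FORWARD 1 -d $PUB_NET -j PUBHOSTS"
}

gen_rules
```

Review the printed commands, then pipe the script's output to sh as root to apply them. Traffic of the NAT-ed LAN that does not involve the public block never enters the PUBHOSTS chain, so the existing rules for it stay in effect.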
