help on DMZ project

help on DMZ project

[louie miranda]

I currently have a project to make a DMZ farm of servers. I actually want to
make this firewall
be splitted in to 4 or more networks. I'll be trying to host 3 different
company, I would like to
try using Iptables as my main firewall and gateway before the internet.

Could this be done? And which documents should i read? I currently have a
different network that i am masquerading right now. But i had never tried a
dmz type that is so complicated yet for me.

Hope i could have feedback on my problem!


--
thanks,
louie miranda

Re: help on DMZ project

[Chris Partsenidis]

Louie,

If you would like to see a few different DMZ configurations, please visit my website : www.firewall.cx 

Under the "Firewalls" menu you will find the DMZ topic.

Also, under 'Firewalls-->NAT-->Static NAT--> Concepts and Examples' you will find a nice DMZ example to help you, should you decide to implement it.

Cheers,

Chris P.
www.Firewall.cx

---------- Original Message -------------
Subject: help on DMZ project
Date: Thu, 13 Mar 2003 17:16:27 +0800
From: "louie miranda" <lmiranda@chikka.com>
To: <netfilter@lists.samba.org>


I currently have a project to make a DMZ farm of servers. I actually want to
make this firewall
be splitted in to 4 or more networks. I'll be trying to host 3 different
company, I would like to
try using Iptables as my main firewall and gateway before the internet.

Could this be done? And which documents should i read? I currently have a
different network that i am masquerading right now. But i had never tried a
dmz type that is so complicated yet for me.

Hope i could have feedback on my problem!


--
thanks,
louie miranda

Re: help on DMZ project

[Arnt Karlsen]

On Thu, 13 Mar 2003 11:41:42 -0000, 
"Chris Partsenidis" <Chris@Firewall.cx> top posted in message 
<20030313114142.2704C1BB2FE@mail.powweb.com>:
> > 
> > ---------- Original Message -------------
> > Subject: help on DMZ project
> > Date: Thu, 13 Mar 2003 17:16:27 +0800
> > From: "louie miranda" <lmiranda@chikka.com>
> > To: <netfilter@lists.samba.org>
> > 
> > 
> > I currently have a project to make a DMZ farm of servers. I actually
> > want to make this firewall
> > be splitted in to 4 or more networks. I'll be trying to host 3
> > different company, I would like to
> > try using Iptables as my main firewall and gateway before the
> > internet.
> > 
> > Could this be done? And which documents should i read? I currently

..piece of cake, several ways:  http://ipcop.org/  needs its 
own box, http://shorewall.net/ does really does too in your 
case, add in http://webmin.com/ to control it too, from a web 
browser, or, you can control both from ssh.  

> > have a different network that i am masquerading right now. But i had
> > never tried a dmz type that is so complicated yet for me.
> > 
> > Hope i could have feedback on my problem!
> > 
> > 
> > --
> > thanks,
> > louie miranda
> > 
> Louie,
> 
> If you would like to see a few different DMZ configurations, please
> visit my website : www.firewall.cx 
> 
> Under the "Firewalls" menu you will find the DMZ topic.
> 
> Also, under 'Firewalls-->NAT-->Static NAT--> Concepts and Examples'
> you will find a nice DMZ example to help you, should you decide to
> implement it.
> 
> Cheers,
> 
> Chris P.
> www.Firewall.cx

.."This site is best viewed at 1024x768 - Minimum resolution: 
800x600 in full screen mode ".   Ok, your menu button bar tries 
to span all 1600 dot, I like galeon to look nice in its window, 
try http://validator.w3.org/ to diagnose it.

..otherwise, nice site, 1 nit: a dmz might have a more 
"dangerous" color.  ;-)

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.

Re: help on DMZ project

[Tom Eastep]

--On Thursday, March 13, 2003 05:16:27 PM +0800 louie miranda 
<lmiranda@chikka.com> wrote:

>
> Could this be done? And which documents should i read? I currently have a
> different network that i am masquerading right now. But i had never tried
> a dmz type that is so complicated yet for me.
>
> Hope i could have feedback on my problem!
>

You might take a look at Shorewall (http://www.shorewall.net) -- it makes 
setting up these types of configurations much easier than it would be by 
hand. Start with http://www.shorewall.net/shorewall_setup_guide.htm to get 
an idea of your options. While that document describes just a 
three-interface firewall with DMZ, extending it to include more networks is 
straightforward.

-Tom
--
Tom Eastep   \ Shorewall - iptables made easy
Shoreline,    \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net

Re: help on DMZ project

[Daniel Wittenberg]

I personally would avoid ipcop because the last time I checked it was
still 2.2 based and was not a stateful firewall.  I can't speak for
shorewall, I haven't had a chance to play with it yet (we wrote our own
firewall code + web interface so I haven't kept up too much on some of
these other projects).

Dan

On Thu, 2003-03-13 at 07:58, Arnt Karlsen wrote:
> On Thu, 13 Mar 2003 11:41:42 -0000, 
> "Chris Partsenidis" <Chris@Firewall.cx> top posted in message 
> <20030313114142.2704C1BB2FE@mail.powweb.com>:
> > > 
> > > ---------- Original Message -------------
> > > Subject: help on DMZ project
> > > Date: Thu, 13 Mar 2003 17:16:27 +0800
> > > From: "louie miranda" <lmiranda@chikka.com>
> > > To: <netfilter@lists.samba.org>
> > > 
> > > 
> > > I currently have a project to make a DMZ farm of servers. I actually
> > > want to make this firewall
> > > be splitted in to 4 or more networks. I'll be trying to host 3
> > > different company, I would like to
> > > try using Iptables as my main firewall and gateway before the
> > > internet.
> > > 
> > > Could this be done? And which documents should i read? I currently
> 
> ..piece of cake, several ways:  http://ipcop.org/  needs its 
> own box, http://shorewall.net/ does really does too in your 
> case, add in http://webmin.com/ to control it too, from a web 
> browser, or, you can control both from ssh.  

Re: help on DMZ project

[Arnt Karlsen]

On 13 Mar 2003 12:54:43 -0600, 
Daniel Wittenberg <daniel-wittenberg@starken.com> top posted, _and_,
cc'ed, in message<1047581684.1686.4.camel@runabout.noc.starken.com>:
> 
> On Thu, 2003-03-13 at 07:58, Arnt Karlsen wrote:
> > On Thu, 13 Mar 2003 11:41:42 -0000, 
> > "Chris Partsenidis" <Chris@Firewall.cx> top posted in message 
> > <20030313114142.2704C1BB2FE@mail.powweb.com>:
> > > > 
> > > > ---------- Original Message -------------
> > > > Subject: help on DMZ project
> > > > Date: Thu, 13 Mar 2003 17:16:27 +0800
> > > > From: "louie miranda" <lmiranda@chikka.com>
> > > > To: <netfilter@lists.samba.org>
> > > > 
> > > > 
> > > > I currently have a project to make a DMZ farm of servers. I
> > > > actually want to make this firewall
> > > > be splitted in to 4 or more networks. I'll be trying to host 3
> > > > different company, I would like to
> > > > try using Iptables as my main firewall and gateway before the
> > > > internet.
> > > > 
> > > > Could this be done? And which documents should i read? I
> > > > currently
> > 
> > ..piece of cake, several ways:  http://ipcop.org/  needs its 
> > own box, http://shorewall.net/ does really does too in your 
> > case, add in http://webmin.com/ to control it too, from a web 
> > browser, or, you can control both from ssh.  
> 
> I personally would avoid ipcop because the last time I checked it was
> still 2.2 based and was not a stateful firewall.  I can't speak for

..ipcop-0.1.1 thru 1.2.0 are 2.2/ipchains and _not_ stateful, 
1.3 upwards is 2.4/iptables and stateful, just like shorewall.  
For production requiring statefulness, you want shorewall, 
until ipcop-1.3beta1 is found demonstrably stable.  

> shorewall, I haven't had a chance to play with it yet (we wrote our
> own firewall code + web interface so I haven't kept up too much on
> some of these other projects).

..ah, time to back off on the panting and _take_ that time.  ;-) 

> Dan
> 

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.

Re: help on DMZ project

[louie miranda]

Really thanks to everyone! I'll update you good people as soon as i'have
read and install everything on my DMZ Project!



--
thanks,
louie miranda


----- Original Message -----