Linux Netfilter discussions
From: Joel Newkirk <netfilter@newkirk.us>
To: lawrence Of Arabia <zo2000@hotmail.com>, netfilter@lists.netfilter.org
Subject: Re: DNS - Firewall - Gateway - and services ...
Date: Sat, 11 Jan 2003 03:53:01 -0500
Message-ID: <200301110353.01397.netfilter@newkirk.us>
In-Reply-To: <F31gK47OMbrwnBIaUD00002474b@hotmail.com>

On Saturday 11 January 2003 03:10 am, lawrence Of Arabia wrote:

I am running quite a similar arrangement, everything on a RedHat 7.3 box.  
I'm off to bed at the moment, but sometime late tomorrow I will email 
you (off the list) regarding this.  Apart from the firewalling script 
itself, what you are interested in doesn't belong here anyway.

If you want to send me an email privately of what services you want to 
run, and what zoneedit is currently handling,  I can perhaps help out 
some.  Otherwise (unless you ask me not to) I'll write up a brief 
explanation of what I have set up and how it works.

BTW, I'm not familiar with zoneedit.com's services, I use others, but the 
net effect is the same, so my experiences should still prove helpful.

j

> Hey everyone,
>
> i have a slight problem. there is none yet, i just don't have a
> solution.
>
> i have a dsl connection with dynamic IP. i run an apache box 24/7 and
> mail. i have a domain. up to here it has been easy, all from zoneedit.
> but this does not offer me great security. so i look around and
> thought i would go with the linux box as a gateway/firewall option.
> because it seems the most secure, scalable solution. For someone not
> running services, this is rather simple. but since i will be offering
> services, it gets a little more complicated.
>
> in a perfect world, i would have one public ip, and a NAT lan ...
> all services would be run on nat and access the net from the linux
> gateway. up to here, it's simple, port forwarding.
>
> BUT! i do not want to use port forwarding, one reason of many, i
> cannot add too many services of the same kind, AND it forces me to deal
> extensively with zoneedit. (i want total control, it would be PERFECT
> if zoneedit was out of the story) ...
>
> i also want hostname recognition, every box will have ftp and ssh
> anyway (plus http or pop3/imap depending) ...
>
> i want to be able to call john smith who works for bell south to talk
> to him about my credit status or his kids! not just ask the accounting
> department.
>
> well ...
>
> i have been looking into this for a while, and feel closer to it. I
> KNOW THERE'S A WAY! i just don't know it!
>
> i would greatly appreciate comments, suggestions, if you have a
> solution, it being with iptables only, a dns server, a proxy or all
> of those ... i dont care, i wanna hear it!
>
> thanks people ...
>
> lawrence


