Linux Netfilter discussions
From: Paul Frieden <pfrieden@users.sourceforge.net>
To: netfilter@lists.netfilter.org
Subject: Re: Firewall help
Date: Wed, 11 Dec 2002 16:00:02 -0600
Message-ID: <3DF7B562.70902@users.sourceforge.net>
In-Reply-To: <358420000.1039638027@wookie.shorewall.net>

I would also recommend looking at my project PacketFlow Firewall 
Generator.  You can download it from 
http://packetflowfw.sourceforge.net.  It generates rules from a simple 
XML configuration format.  It includes several examples, including 
single and multi DMZ configs.  It should be simple to modify one of 
these to your purposes.  It doesn't currently generate NAT rules, but 
I've found that they are fairly easy to make by hand.

PacketFlow is written in Python and uses libxml2.  Both of these should 
be included in RH8, so it shouldn't be any trouble.  If you have any 
questions, you can post them on the site and I'll help if I can.

Paul

Tom Eastep wrote:

>
>
> --On Wednesday, December 11, 2002 09:49:49 PM +0200 DeWet van Rooyen 
> <dewet@cyberdawn.co.za> wrote:
>
>> I installed a machine with Redhat 8 and am trying to set up an iptables
>> firewall with 2 internal segments (DMZ and internal network).
>> My machine has 3 network cards.
>>
>>  Is this possible?
>>
>>  I can seem to get all the segments to see each other. Can you give me an
>>  idea on how to do this? Is it just a question of routes / NAT and ARP
>>  entries?
>>
>> DMZ - 192.168.1.0 / 255.255.255.0
>> Internal Network / 192.168.2.0 / 255.255.255.0
>> For the external interface, I have 64 ip addresses - 255.255.255.192
>>
>
> If you would be willing to forego using iptables directly, take a look 
> at http://shorewall.sf.net/three-interface.htm.
>
> -Tom
> -- 
> Tom Eastep   \ Shorewall - iptables made easy
> Shoreline,    \ http://shorewall.sf.net
> Washington USA \ teastep@shorewall.net
>
>



