Firewall for combined networks

Posted on 2004-11-02
Last Modified: 2010-04-20
I would say I am a newbie for Linux, but yet I can trick problems.
I have Slackware10, iptables latest version installed and I need to set up a good firewall. I can't manage iptables so well, and I have tried fwbuilder or shorewall but I always make a mistake. So here is my situation.

eth0=net and routes a class of assigned ip addresses(on eth1) -
eth1=local class 255 ip addresses routed by the ip of eth0 -
eth2=local class of 32 addresses done by NAT (using an ip of eth1 to get out) -

I use squid for my local clients.. I have managed to configure squid.conf, working fine.

I want to:
- prevent outside access incoming to eth0 and eth1 - disable ping, icmp stuff to eth0.
- prevent flooding from the interior of the network to outside.
- allow my clients from eth2 to get out through an ip, and let's say to specify a port for dc++ so they can be in active mode, not passive.
- prevent flooding from outside to local clients.

Also I have two scripts running which allow my clients to connect and use my internet only if I specify their mac address, but this has nothing to do with the firewall I need to do.

Hope someone knows what I am speaking about.

Question by:blackscorpio822
    LVL 6

    Assisted Solution

    You can also use to generate skeleton of firewall.
    Hope this will help (I now play with OpenBSD and pf  :) ).
    LVL 2

    Accepted Solution


    Take a look at this: best IP tables explanation ever, and also the scripts provided do provide a starting ground....



    Author Comment

    Thanks guys.. it's ok now.. , just finishing, kidoman many thanks for the link.. I'm starting to understand :P
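
Added example, not part of the original thread or of the pages the answers linked to: a skeleton ruleset for the layout in the question (eth0 uplink, eth1 routed addresses, eth2 NATed clients with one DC++ port forwarded), printed in iptables-restore format. Every address, the DC++ port, the squid port and the rate limits are assumptions to replace with real values.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the three-interface
# layout in the question. Every value below is an assumption.
WAN_IF=eth0              # uplink
PUB_IF=eth1              # routed public addresses
NAT_IF=eth2              # NATed clients
NAT_NET=192.168.2.0/27   # assumed: the 32-address network on eth2
SNAT_IP=203.0.113.10     # assumed: eth1-range address the NAT clients leave through
DC_CLIENT=192.168.2.10   # assumed: client running DC++ in active mode
DC_PORT=4112             # assumed: port configured in that DC++ client
SQUID_PORT=3128          # assumed: squid http_port

build_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Active-mode DC++ needs the same port forwarded for TCP and UDP.
-A PREROUTING -i $WAN_IF -d $SNAT_IP -p tcp --dport $DC_PORT -j DNAT --to-destination $DC_CLIENT
-A PREROUTING -i $WAN_IF -d $SNAT_IP -p udp --dport $DC_PORT -j DNAT --to-destination $DC_CLIENT
-A POSTROUTING -s $NAT_NET -o $WAN_IF -j SNAT --to-source $SNAT_IP
COMMIT
*filter
# Default DROP: ping and any other unsolicited traffic to the router is discarded.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RATE - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $PUB_IF -p tcp --dport $SQUID_PORT -j ACCEPT
-A INPUT -i $NAT_IF -p tcp --dport $SQUID_PORT -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Every new forwarded connection, inbound or outbound, is rate-limited per source.
-A FORWARD -m conntrack --ctstate NEW -j RATE
-A FORWARD -i $PUB_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $NAT_IF -o $WAN_IF -s $NAT_NET -j ACCEPT
-A FORWARD -i $WAN_IF -o $NAT_IF -d $DC_CLIENT -p tcp --dport $DC_PORT -j ACCEPT
-A FORWARD -i $WAN_IF -o $NAT_IF -d $DC_CLIENT -p udp --dport $DC_PORT -j ACCEPT
-A RATE -m hashlimit --hashlimit-upto 50/sec --hashlimit-burst 100 --hashlimit-mode srcip --hashlimit-name newconn -j RETURN
-A RATE -j DROP
COMMIT
EOF
}

# Print the ruleset; as root, validate it with: sh fw.sh | iptables-restore --test
build_ruleset
```

The script only prints rules and changes nothing on the host; forwarding itself also requires `net.ipv4.ip_forward=1`.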
