Firewall for combined networks

Posted on 2004-11-02
Medium Priority
Last Modified: 2010-04-20
I would say I am a newbie to Linux, but yet I can trick problems.
I have Slackware 10 with the latest version of iptables installed, and I need to set up a good firewall. I can't manage iptables so well, and I have tried fwbuilder or shorewall, but I always make a mistake. So here is my situation.

eth0 = net, and routes a class of assigned IP addresses (on eth1)
eth1 = local class of 255 IP addresses routed by the IP of eth0
eth2 = local class of 32 addresses done by NAT (using an IP of eth1 to get out)

I use squid for my local clients. I have managed to configure squid.conf, and it is working fine.

I want to:
- prevent outside access incoming to eth0 and eth1
- disable ping, ICMP stuff to eth0
- prevent flooding from the interior of the network to the outside
- allow my clients from eth2 to get out through an IP, and let's say specify a port for DC++ so they can be in active mode, not passive
- prevent flooding from outside to local clients

Also I have two scripts running which allow my clients to connect and use my internet only if I specify their mac address, but this has nothing to do with the firewall I need to do.

Hope someone knows what I am speaking about.

Question by:blackscorpio822

Assisted Solution

tapkep earned 750 total points
ID: 12481628
You can also use http://easyfwgen.morizot.net/gen/index.php to generate a skeleton of a firewall.
Hope this will help (I now play with OpenBSD and pf :) ).

Accepted Solution

kidoman earned 750 total points
ID: 12489061

Take a look at this: best iptables explanation ever, and also the scripts provided do provide a starting ground...

Author Comment

ID: 12494534
Thanks guys, it's OK now, just finishing. kidoman, many thanks for the link. I'm starting to understand :P
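
The layout described in the question, sketched as an added example (not from the thread or from either linked resource): a shell function that prints an iptables-restore ruleset for eth0/eth1/eth2. The subnets, the NAT address, the DC++ host and port are constructed placeholders, and Squid is assumed to listen on its default port 3128.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it changes nothing by itself.
# Every address and the DC++ port below are constructed placeholders.
WAN_IF=eth0; PUB_IF=eth1; NAT_IF=eth2
PUB_NET=198.51.100.0/24   # assumed routed block behind eth1
NAT_NET=192.168.2.0/27    # assumed private block behind eth2
NAT_OUT=198.51.100.2      # assumed address the eth2 clients leave through
DC_HOST=192.168.2.10      # assumed client running DC++ in active mode
DC_PORT=4111              # assumed port configured in that client
SQUID_PORT=3128           # Squid's default http_port, assumed unchanged

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Active-mode DC++: hand the chosen port to one inside client.
-A PREROUTING -i $WAN_IF -d $NAT_OUT -p tcp --dport $DC_PORT -j DNAT --to-destination $DC_HOST
-A PREROUTING -i $WAN_IF -d $NAT_OUT -p udp --dport $DC_PORT -j DNAT --to-destination $DC_HOST
# eth2 clients leave through a single public address.
-A POSTROUTING -s $NAT_NET -o $WAN_IF -j SNAT --to-source $NAT_OUT
COMMIT
*filter
# Default-drop: unsolicited traffic from outside, ping included, never gets in.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:NEWCONN - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $PUB_IF -s $PUB_NET -p tcp --dport $SQUID_PORT -j ACCEPT
-A INPUT -i $NAT_IF -s $NAT_NET -p tcp --dport $SQUID_PORT -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections are rate-limited in both directions (flood control).
-A FORWARD -i $PUB_IF -o $WAN_IF -s $PUB_NET -m state --state NEW -j NEWCONN
-A FORWARD -i $NAT_IF -o $WAN_IF -s $NAT_NET -m state --state NEW -j NEWCONN
-A FORWARD -i $WAN_IF -o $NAT_IF -d $DC_HOST -p tcp --dport $DC_PORT -m state --state NEW -j NEWCONN
-A FORWARD -i $WAN_IF -o $NAT_IF -d $DC_HOST -p udp --dport $DC_PORT -m state --state NEW -j NEWCONN
# Shared token bucket: up to 50 new connections/s, burst 100, the rest dropped.
-A NEWCONN -m limit --limit 50/second --limit-burst 100 -j ACCEPT
-A NEWCONN -j DROP
COMMIT
EOF
}

# Review the output, then load it as root with: gen_rules | iptables-restore
gen_rules
```

The INPUT chain here opens only Squid to the two local networks, so any administrative access to the box (SSH, for instance) needs its own rule before loading. The `limit` match keeps one bucket per rule, shared by all clients, so the rate should be tuned to the link.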
