[Firewall] Question

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Tue Oct 14 07:48:59 CEST 2014


This is a fairly simple setup. Just put all of your internal interfaces 
in INT_IF. INT_IF interfaces are shielded from each other by default. 
Put your external interface in EXT_IF (and configure EXT_IF_DHCP_IP 
etc.). You probably also want NAT; enable NAT=1 for this. 
That's it.

a.

On 13-Oct-14 20:48, Gene Cooper wrote:
> Hi Morten,
>
> You mean ETH1, right?
>
> In previous situations, I have added simple firewall rules to block
> 10.0.0.0/8 from 10.0.0.0/8.  You might need to specify source or
> destination interfaces, or whatever to make the rules more granular if
> you need to, but that will mean you need more rules.
>
> Also, drop 192.168.0.0/24 from 10.0.0.0/8 plus 10.0.0.0/8 from
> 192.168.0.0/24.
>
> There's probably a better way and I'm no firewall expert, but it's
> simple and works.  If there is a better way, I'd like to know too.  ;-)
>
> Thanks,
>
> G
>
> On 10/13/2014 08:05 AM, Morten wrote:
>> Hi!
>>
>> I have six nics in a server that I will use as a firewall/router.
>> They are setup like this:
>>
>> eth0: 192.168.1.0/24
>> eth1: dhcp (external / internet)
>> eth2: 10.0.0.0/24
>> eth3: 10.0.1.0/24
>> eth4: 10.0.2.0/24
>> eth5: 10.0.3.0/24
>> eth6: 10.0.4.0/24
>>
>> I don't want any of the internal networks to be able to reach each
>> other, but they should be able to connect to internet through eth2.
>>
>> How should I set up the configuration file correctly?
>>
>> Regards,
>> Morten
>>
>>
>>
>> _______________________________________________
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.nl
>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
>>
>


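As an added illustration of the policy discussed in this thread (not code from the list or from Arno's firewall itself), the script below models Morten's six-internal-interface box with eth1 as the external interface, as Gene read it. The AIF side of this is just the config values Arno names (INT_IF="eth0 eth2 eth3 eth4 eth5 eth6", EXT_IF="eth1", EXT_IF_DHCP_IP=1, NAT=1); the functions here spell out the FORWARD verdicts that setup implies and print the equivalent plain iptables rules so you can compare them against what the firewall actually loads.

```shell
#!/bin/sh
# Added example; the interface layout is taken from Morten's mail, with
# eth1 assumed to be the external (DHCP) interface and the rest internal.
EXT_IF="eth1"
INT_IF="eth0 eth2 eth3 eth4 eth5 eth6"

# is_int IFACE: true when IFACE is listed in INT_IF
is_int() { case " $INT_IF " in *" $1 "*) return 0;; esac; return 1; }

# forward_verdict SRC_IF DST_IF
# Prints the verdict the FORWARD chain should give a NEW connection that
# enters on SRC_IF and leaves on DST_IF under the policy from the thread:
# internal -> external is accepted (and NATed), internal -> internal is
# dropped (INT_IF shielding), and external -> internal is dropped; reply
# packets are handled separately by the ESTABLISHED,RELATED rule.
forward_verdict() {
  if is_int "$1" && [ "$2" = "$EXT_IF" ]; then
    echo ACCEPT
  else
    echo DROP
  fi
}

# gen_rules prints plain iptables commands implementing the same policy.
# This is a hand-written equivalent for comparison, not AIF's rule set.
gen_rules() {
  echo "iptables -P FORWARD DROP"
  echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
  for i in $INT_IF; do
    echo "iptables -A FORWARD -i $i -o $EXT_IF -m state --state NEW -j ACCEPT"
  done
  echo "iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE"
}

# count_accept_rules: one per-interface ACCEPT rule per internal interface
count_accept_rules() { gen_rules | grep -c -- "--state NEW -j ACCEPT"; }
```

Run `gen_rules` and diff it against `iptables -S FORWARD` on the router; any extra ACCEPT between two INT_IF interfaces means the isolation is not what the config intended.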