[Firewall] Question

Morten canislupusfamiliaris at gmail.com
Tue Oct 14 10:23:15 CEST 2014


Thank you very much! :-)
On 14 Oct 2014 07:50, "Arno van Amersfoort" <arnova at rocky.eld.leidenuniv.nl>
wrote:

> This is a fairly simple setup. Just put all of your internal interfaces in
> INT_IF. INT_IF interfaces are shielded from each other by default. Put your
> external interface in EXT_IF (and configure EXT_IF_DHCP_IP etc.). You
> probably also want to enable NAT, enable NAT=1 for this. That's it.
>
> a.
>
> On 13-Oct-14 20:48, Gene Cooper wrote:
>
>> Hi Morten,
>>
>> You mean ETH1, right?
>>
>> In previous situations, I have added simple firewall rules to block
>> 10.0.0.0/8 from 10.0.0.0/8.  You might need to specify source or
>> destination interfaces, or whatever to make the rules more granular if
>> you need to, but that will mean you need more rules.
>>
>> Also, drop 192.168.0.0/24 from 10.0.0.0/8 plus 10.0.0.0/8 from
>> 192.168.0.0/24.
>>
>> There's probably a better way and I'm no firewall expert, but it's
>> simple and works.  If there is a better way, I'd like to know too.  ;-)
>>
>> Thanks,
>>
>> G
>>
>> On 10/13/2014 08:05 AM, Morten wrote:
>>
>>> Hi!
>>>
>>> I have six nics in a server that I will use as a firewall/router.
>>> They are set up like this:
>>>
>>> eth0: 192.168.1.0/24
>>> eth1: dhcp (external / internet)
>>> eth2: 10.0.0.0/24
>>> eth3: 10.0.1.0/24
>>> eth4: 10.0.2.0/24
>>> eth5: 10.0.3.0/24
>>> eth6: 10.0.4.0/24
>>>
>>> I don't want any of the internal networks to be able to reach each
>>> other, but they should be able to connect to internet through eth2.
>>>
>>> How should I set up the configuration file correctly?
>>>
>>> Regards,
>>> Morten
>>>
>>>
>>>
>>> _______________________________________________
>>> Firewall mailing list
>>> Firewall at rocky.eld.leidenuniv.nl
>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>> http://rocky.eld.leidenuniv.nl
>>>
>>>
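
The policy discussed in this thread (internal interfaces isolated from each other, all of them NATed out through the external one), written out as plain iptables rules. This is an added example, not part of the original messages and not the rules arno-iptables-firewall itself generates; the script only prints the rules, and treating eth1 as the external interface is an assumption based on the interface list above.

```shell
#!/bin/sh
# Added example: prints (does not apply) plain iptables rules for the policy
# in this thread. Interface names come from the list in the question;
# eth1 as the external interface is an assumption.
EXT_IF="eth1"
INT_IF="eth0 eth2 eth3 eth4 eth5 eth6"

# gen_rules EXT "INT1 INT2 ..." -> one iptables command per line on stdout
gen_rules() {
    ext="$1"; ints="$2"
    # Default-deny forwarding: only explicitly allowed paths pass.
    echo "iptables -P FORWARD DROP"
    # Let replies to connections opened from the inside back in.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in $ints; do
        # Explicit per-pair drops keep the internal networks isolated even
        # if the chain policy is later changed to ACCEPT.
        for dst in $ints; do
            [ "$src" = "$dst" ] && continue
            echo "iptables -A FORWARD -i $src -o $dst -j DROP"
        done
        # Each internal network may only be forwarded to the external side.
        echo "iptables -A FORWARD -i $src -o $ext -j ACCEPT"
    done
    # Source NAT for everything leaving through the DHCP-addressed interface.
    echo "iptables -t nat -A POSTROUTING -o $ext -j MASQUERADE"
}

# count_rules EXT "INTS" PATTERN -> number of generated rules matching PATTERN
count_rules() {
    gen_rules "$1" "$2" | grep -c -- "$3"
}

gen_rules "$EXT_IF" "$INT_IF"
```

Review the printed rules before applying them as root; IP forwarding must also be enabled on the router for any of the ACCEPT paths to carry traffic.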