* Marc Mueller wrote on Fri, May 10, 2002 at 19:05 +0200:
> I want to set up a firewall, which should only "protect" ONE MS-WWW-Server (that has no official IP). The server should not have ANY access to anything,

That is simple. Just unplug the networking cable.

> the firewall should only offer a telnet from certain addresses (restricted by /etc/xinetd.conf).

The firewall offers telnet services?! Why not use SSH?

> What can I do?

Maybe set up a port forwarder manually. Should be like this:

    local="1.2.3.4"
    remote="192.168.0.2"
    for port in 80 443 ; do
        ipmasqadm portfw -a -P tcp -L $local $port -R $remote $port
    done

You may want to explicitly masq that traffic with something like:

    # $port as in the loop above; $dev is the outgoing interface
    ipchains -A forward -p tcp -s $remote $port -d 0/0 -i $dev -j MASQ

Another possibility is a transparent proxy, I think here it's called an HTTP accelerator, which could be used i.e. to block some requests and other protocol stuff (at least in HTTP).

oki,

Steffen

--
This letter was generated by machine and therefore bears neither signature nor seal.
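
Added example, not part of the mail above: a dry-run generator that prints the port-forward and MASQ commands from the reply for each port, and goes one step further toward the "no access to anything" requirement by setting the forward policy to DENY and masquerading only non-SYN TCP packets from the server's service ports. The interface name eth0, the function name gen_rules, and the DENY policy with the "! -y" match are assumptions of this example; the addresses are the sample values from the mail.

```shell
#!/bin/sh
# Added example (not from the original mail). Prints the rule set instead of
# running it, so it can be reviewed before being applied on the firewall.

# Sample values from the mail; EXT_IF is an assumed interface name.
LOCAL_IP="1.2.3.4"
SERVER_IP="192.168.0.2"
EXT_IF="eth0"
PORTS="80 443"

gen_rules() {
    # $1 public address, $2 internal server, $3 outgoing interface, $4 ports
    pub=$1 srv=$2 ifc=$3 ports=$4

    # Validate every port first so that no partial rule set is printed.
    for port in $ports; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    # Start from empty tables; forwarded traffic that matches no rule below
    # is dropped by the chain policy.
    echo "ipchains -P forward DENY"
    echo "ipchains -F forward"
    echo "ipmasqadm portfw -f"

    for port in $ports; do
        # Inbound: public address and port are forwarded to the server.
        echo "ipmasqadm portfw -a -P tcp -L $pub $port -R $srv $port"
        # Outbound: masquerade only TCP packets sent from the service port
        # that are not connection-opening SYNs (! -y), so the server can
        # answer requests but cannot open connections of its own.
        echo "ipchains -A forward -p tcp -s $srv $port -d 0/0 -i $ifc ! -y -j MASQ"
    done
}

gen_rules "$LOCAL_IP" "$SERVER_IP" "$EXT_IF" "$PORTS"
```

Review the printed commands, then pipe them to sh as root on the firewall to apply them.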