Mailinglist Archive: opensuse-security (196 mails)
Re: [suse-security] [Genera] Rules for firewall?
- From: Rikard Johnels <rikjoh@xxxxxxxxx>
- Date: Fri, 1 Oct 2004 12:12:43 +0200
- Message-id: <200410011212.43401.rikjoh@xxxxxxxxx>
On Friday 01 October 2004 05.26, SRGlasoe wrote:
> On Thu September 30 2004 6:06 am, Rikard Johnels wrote:
> > Hi all!
> > I don't know if this is the right list, but here goes.
> >
> > I am fairly new to firewalling and iptables.
> > I have a setup as follows:
> >
> > firewall: red eth0 external interface (adsl, dhcp)
> > yellow eth1 dmz interface
> > green eth2 internal interface
> >
> > On dmz is a combined server running
> > web/ mysql/ ftp/ caching dns/ time/ outgoing mail and nfs server
> > I only want web/ftp to be available from red
> >
> > All other services are for green (and yellow) network
> >
> > I have several machines on green (So I guess I want NAT there)
> > One Linux server with NFS
> > Three Linux ones running gnomemeeting, amsn and licq
> > Two Windows ones running Netmeeting, MSN, ICQ
> > All machines run bittorrent, limewire and dc++
> >
> > I want ssh access to all boxes
> > I want to be able to run all communication services from arbitrary box.
> > All internal boxes shall use time/ dns/ outgoing mail on the dmz server
> >
> > The firewall is to be locked down for user login only via ssh.
> > Anything to be done is sudo'ne
> > (note to self, find out how to lock ssh to userlogin only)
> > But I want access from red to firewall so I can "jump" to green and
> > yellow if needed.
> >
> > I want as full access as possible from green to red
> >
> > I have read the SuSEFirewall2 docs in
> > /usr/share/docs/packages/SuSEFirewall2 but I can't figure it out..
> > What to set, what to add/remove..
> >
> > Any pointers on where to start learning?
> > Any pointers on how to set it up?
> >
> >
> > --
> > /Rikard
>
> Shorewall firewall at www.shorewall.net. Much easier to understand and
> set up than SuSEfirewall2. Lots of example files for various configurations,
> very good documentation. Author uses SUSE 9.1 Pro. Combined with Webmin it's
> very easy to get set up and running.
>
> Stan
From the looks of it, shorewall seems to be script based.
I will give it a try and see if it works on my firewall.
It's an Alphastation (SuSE 7.1 AXP system), but I hope it is compatible
enough :)
Documentation will follow.. (hopefully)
--
/Rikard
------------------------------------------------------------------------------------
Rikard Johnels email : rikjoh@xxxxxxxxx
Web : http://www.rikjoh.com
Mob : +46 735 05 51 01
------------------------ Public PGP fingerprint ----------------------------
< 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
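
The zone policy described in the quoted question, written out as a default-deny ruleset in iptables-restore format. This is an added example, not part of the original thread and not Shorewall or SuSEfirewall2 output. The interface names come from the post; the DMZ server address 192.168.2.10 and the port numbers chosen for each service are assumptions, and NFS and inbound peer-to-peer traffic are left out.

```shell
#!/bin/sh
# Added example: three-zone (red/yellow/green) ruleset, default deny.
# Interfaces are from the post; DMZ_SRV is a constructed address.
RED=eth0               # external (ADSL, DHCP)
YELLOW=eth1            # DMZ
GREEN=eth2             # internal
DMZ_SRV=192.168.2.10   # assumption: the combined DMZ server

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only web and FTP control are published on red and sent to the DMZ server.
-A PREROUTING -i $RED -p tcp -m multiport --dports 21,80 -j DNAT --to-destination $DMZ_SRV
# Green and yellow leave through the single dynamic external address.
-A POSTROUTING -o $RED -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ssh is the only service offered by the firewall itself (the jump host).
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Replies and helper-tracked flows (FTP data needs the kernel FTP helper).
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# red -> yellow: web and FTP only. No rule at all forwards red -> green.
-A FORWARD -i $RED -o $YELLOW -d $DMZ_SRV -p tcp -m multiport --dports 21,80 -m conntrack --ctstate NEW -j ACCEPT
# green -> red: full outbound access.
-A FORWARD -i $GREEN -o $RED -m conntrack --ctstate NEW -j ACCEPT
# green -> yellow: ssh, mail, DNS, web, time on the DMZ server.
-A FORWARD -i $GREEN -o $YELLOW -d $DMZ_SRV -p tcp -m multiport --dports 22,25,53,80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $GREEN -o $YELLOW -d $DMZ_SRV -p udp -m multiport --dports 53,123 -m conntrack --ctstate NEW -j ACCEPT
# yellow -> red: the server's own upstream mail, DNS and time. Nothing yellow -> green.
-A FORWARD -i $YELLOW -o $RED -s $DMZ_SRV -p tcp -m multiport --dports 25,53 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $YELLOW -o $RED -s $DMZ_SRV -p udp -m multiport --dports 53,123 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset; review it, then check it with: gen_rules | iptables-restore --test
gen_rules
```

Because both FORWARD and INPUT default to DROP, the DMZ server cannot open connections into green, which is the point of putting the exposed services on their own interface.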