Hi to all. I'm planning to set up a demilitarized zone between the Internet and the Intranet. This is the first time I configure a firewall and feel a bit scared! :-) On between I will install a web/postfix server, and maybe plugging some more servers in the future. Of course, I want all computers on the Intranet to have access to the Internet with no restrictions at all. How do I have to configure both firewalls? Both should use NAT or maybe just one of them? Even better: Where can I find documentation about configuring such a scenario? (Please, not a 2000-page manual) Thanks in advance.
* Manuel Balderrábano; <garibolo@wanadoo.es> on 12 Feb, 2004 wrote:
Even better: Where can I find documentation about configuring such a scenario? (Please, not a 2000-page manual)
roughly 110 pages of SuSEfirewall2 http://sourceforge.net/projects/susefaq -- Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC. Nisi defectum, haud refiecendum
(After sending this mail just to Togan I reallized I read the wrong document, sorry, Togan!) Hi, thanks for your post! I have downloaded the document, found some information about suse firewalls on that document, but it brought me to: /usr/share/doc/packages/SuSEfirewall2/suseSuSEfirewall2.sysconfig.EXAMPLE and: /usr/share/doc/packages/SuSEfirewall2/EXAMPLES And got to this configuration on both firewalls: Internal firewall: ------------------- FW_DEV_INT="eth0" FW_DEV_DMZ="eth1" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_KERNEL_SECURITY="yes" External firewall: ------------------- FW_DEV_EXT="eth0" FW_DEV_DMZ="eth1" FW_ROUTE="no" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_AUTOPROTECT_SERVICES="yes" FW_FORWARD="IP_FIREWALL_EXTERNAL_INTERFACE,IP_SERVER_ON_THE_DMZ,tcp,80" FW_KERNEL_SECURITY="yes" What do you think? Good? Bad? Ugly?
* Manuel Balderrábano; <garibolo@wanadoo.es> on 12 Feb, 2004 wrote:
(After sending this mail just to Togan I reallized I read the wrong document, sorry, Togan!)
personal mails are ignored unless you have a support contract with me
Hi, thanks for your post! I have downloaded the document, found some information about suse firewalls on that document, but it brought me to:
some its all about susefirewall2 :-(
/usr/share/doc/packages/SuSEfirewall2/suseSuSEfirewall2.sysconfig.EXAMPLE and: /usr/share/doc/packages/SuSEfirewall2/EXAMPLES
And got to this configuration on both firewalls:
Chapter 4 has info about proxies and dual homed hosts Also you may consider reading http://www.oreilly.com/catalog/fire2/chapter/ch13.html and probably consider buying the book as it is bedtime reading material -- Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC. Nisi defectum, haud refiecendum
participants (2)
-
Manuel Balderrábano -
Togan Muftuoglu