On Thu, 23 Apr 1998, Randy Carpenter wrote:
> Ok.. here is the situation:
>
> internet--------|Linux firewall|----------|private server|
> 1.2.3.4 10.0.0.1 10.0.0.2
>
> I need to be able to provide a way for specific IP addresses on the
> internet to gain access to the private server, via the Linux firewall,
> while disallowing all other connections... Any ideas as to a secure and
> useful way to accomplish this? I have full access to all routers in
> between the private server, and the hosts which need access, so I can do
> some routing magic, if needed.

You can use ipfwadm to control where you'll allow incoming connections
from fairly easily, but the private addresses will not route on the
backbone. You'll need something that will bridge the gap, like a proxy
on the firewall to forward the packets or some kind of Network Address
Translation.

There's a forum on Linux NAT at:
http://www.csn.tu-chemnitz.de/HyperNews/get/linux-ip-nat.html

I've not set this up myself, but I'm guessing it might use the Transparent
Proxy support in the kernel (an experimental option in 2.0.x). You
might hit some search engines for "Linux and NAT". You will need
additional "real" IP addresses that will route on the backbone to do NAT,
from what I understand.

Rich
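
The source filtering mentioned in the reply, as an added example that is not part of the original message: a shell script that prints ipfwadm input-chain rules admitting only listed sources to one TCP port on the firewall's public address and denying everything else to that port. The port and client addresses are constructed placeholders, and `gen_rules` and `valid_ipv4` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Rules are printed, not executed, so they can be reviewed
# before being applied on the firewall. ipfwadm evaluates rules in order and
# the first match wins, so the accepts must precede the final deny.

FW_ADDR="1.2.3.4"                                   # public address from the diagram
SERVICE_PORT="80"                                   # assumed service port
ALLOWED_SOURCES="192.0.2.10 192.0.2.77 198.51.100.5"  # constructed sample list

# Accept only a plain dotted-quad host address. Entries carrying a mask
# (e.g. 0.0.0.0/0) are rejected so a typo cannot open the port to everyone.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules FW_ADDR PORT SOURCE...
gen_rules() {
    fw=$1; port=$2; shift 2
    for src in "$@"; do
        if valid_ipv4 "$src"; then
            echo "ipfwadm -I -a accept -P tcp -S $src/32 -D $fw/32 $port"
        else
            echo "skipping invalid source: $src" >&2
        fi
    done
    # Everything else aimed at this port is denied and logged (-o).
    echo "ipfwadm -I -a deny -P tcp -S 0.0.0.0/0 -D $fw/32 $port -o"
}

gen_rules "$FW_ADDR" "$SERVICE_PORT" $ALLOWED_SOURCES
```

These rules only filter; getting the accepted traffic to 10.0.0.2 still requires the proxy or NAT mentioned in the reply.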