Re: [suse-security] Firewall with one physical and one virtual interface

[Sven 'Darkman' Michels <sven@xxxxxxxxxx>]

Lukas Feiler wrote:
> Hi list,
>
> I have multiple dedicated servers at a provider that does not offer a
> firewall. Nor is it possible to get a second network interface for one of
> the servers and configure it as a firewall. I was therefore thinking of
> reconfiguring one of the servers as a firewall with a physical interface to
> the outside world and a virtual interface to the inside. The internal
> interface of the firewall and all servers would be assigned a private IP
> address. The firewall would perform DNAT for the servers.

That won't work or at least don't provide security. First of all, think
about another provider. Second: try openvpn and setup a vpn from every
Server to your Linuxbox and route all traffic thru it. If you're able
to configure your windows that it only accepts traffic from and to your
other server it should be the most security you can get in this setup.
Notice: on aliased interfaces you can't set rules or whatever with
iptables. It always matches for the main interface and so all aliases,
too. Aliased interfaces are just more ips for the same interface, not
a second interface like eth1 is.

Hope that helps.

Regards,
Sven

PS: for a new provider, you can ask me by privat mail, if you need ;-)


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here