[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] [Genera] Rules for firewall?



On Thu September 30 2004 6:06 am, Rikard Johnels wrote:
> Hi all!
> I dont know if this is the right list, but here goes.
>
> I am fairly new to firewalling and iptables.
> I have a setup as follows:
>
> firewall: red eth0 external interface (adsl, dhcp)
>   yellow eth1 dmz interface
>   green eth2 internal interface
>
> On dmz is a combined server running
> web/ mysql/  ftp/ caching dns/ time/ outgoing mail and nfs server
> I only want web/ftp to be available from red
>
> All other services is for green (and yellow) network
>
> I have several machines on green (So i guess i want NAT there)
> One Linux server with NFS
> Three linux ones running gnomemeeting amsn and licq
> Two windows ones running Netmeeting, MSN, ICQ
> All machines run bittorrent, limewire and dc++
>
> I want ssh access to all boxes
> I want to be able to run all communicationservices from arbitrary box.
> All internal boxes shall use time/ dns/ outgoing mail om the dmz server
>
> The firewall is to be locked down for user login only via ssh.
> Anything to be done is sudo'ne
> (note to self, find out how to lock ssh to userlogin only)
> But i want access from red to firewall so i can "jump" to green and yellow
> if needed.
>
> I want as full access as possible from green to red
>
> I have read the SuSEFirewall2 docs in
> /usr/share/docs/packages/SuSEFirewall2 but i cant figure it out..
> What so set, what to add/remove..
>
> Any pointers on where to start learning?
> Any pointers on how to set it up?
>
>
> --
>          /Rikard

Shorewall firewall at www.shorewall.net. Much easier to understand and setup 
than SuSEfirewall2. Lots of example files for various configurations, very 
good documentation. Author uses SUSE 9.1 Pro. Combined with Webmin its very 
easy to get setup and running.

Stan

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here