
[ale] Firewall design



On Wed, 2005-06-01 at 09:07, James P. Kinney III wrote:

> So you have one real IP on the firewall box and virtual IPs that are
> directly routed to the real box's private IP.
> 
> "iptables -t nat -I PREROUTING -d <public IP> -j DNAT --to-destination <private IP>"
> 
> There will be no filtering at all on this.
> 
> Then add a back route:
> "iptables -t nat -I POSTROUTING -s <private IP> -j SNAT --to-source <public IP>"
> 
> It would be good to modify those rules by making a series of tables that
> filters out the crap before just routing all the bandwidth to the work
> machines.

That's an interesting idea.  Does this have any limitations?
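As an added example (not code from James or anyone else in the thread), here is a script that builds the same DNAT/SNAT pair as an iptables-restore ruleset, but sends the DNAT'd traffic through a FORWARD chain that only admits the services you list, instead of "no filtering at all". The interface names (eth0/eth1), the addresses 203.0.113.10 and 192.168.1.10, the chain name PUB_HOST and the service list are all assumed values for illustration.

```shell
#!/bin/sh
# Added example, not code from the original thread. Generates an
# iptables-restore ruleset for 1:1 NAT (DNAT public -> private on the way
# in, SNAT private -> public on the way out) and filters the forwarded
# traffic through a per-host chain. Interfaces, addresses and the allowed
# service list are assumptions for illustration.

WAN_IF=${WAN_IF:-eth0}   # assumed public-facing interface
LAN_IF=${LAN_IF:-eth1}   # assumed interface toward the work machines

# one_to_one_nat PUBLIC_IP PRIVATE_IP "proto:port proto:port ..."
# Prints the complete ruleset to stdout; nothing is applied here.
one_to_one_nat() {
    pub=$1; priv=$2; allowed=$3

    # Table names are case-sensitive: "*nat" here, "-t nat" on the command line.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Only rewrite packets arriving on the public side, so LAN traffic aimed
# at the public address is not silently redirected as well.
-A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv
-A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub
COMMIT
*filter
:FORWARD DROP [0:0]
:PUB_HOST - [0:0]
# Replies belonging to connections already accepted below.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New inbound connections for the published host are screened in PUB_HOST.
-A FORWARD -i $WAN_IF -o $LAN_IF -d $priv -m conntrack --ctstate NEW -j PUB_HOST
# The host may open its own outbound connections.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $priv -m conntrack --ctstate NEW -j ACCEPT
EOF

    # One ACCEPT per published service: "tcp:80" becomes "-p tcp --dport 80".
    for svc in $allowed; do
        proto=${svc%%:*}
        port=${svc#*:}
        printf '%s\n' "-A PUB_HOST -p $proto --dport $port -j ACCEPT"
    done

    # Everything else aimed at the published host is rate-limited logged, then dropped.
    printf '%s\n' '-A PUB_HOST -m limit --limit 5/min -j LOG --log-prefix "PUB_HOST drop: "'
    printf '%s\n' '-A PUB_HOST -j DROP'
    printf '%s\n' 'COMMIT'
}

# Prints the ruleset by default; "--apply" loads it atomically with
# iptables-restore (requires root) and turns on forwarding.
main() {
    # Assumed addresses: 203.0.113.10 is the public IP, 192.168.1.10 the work machine.
    ruleset=$(one_to_one_nat 203.0.113.10 192.168.1.10 "tcp:80 tcp:443 tcp:22")
    if [ "${1:-}" = "--apply" ]; then
        printf '%s\n' "$ruleset" | iptables-restore
        sysctl -w net.ipv4.ip_forward=1 >/dev/null
    else
        printf '%s\n' "$ruleset"
    fi
}

main "$@"
```

Because iptables-restore replaces the nat and filter tables in one step, rule order is exactly what the script prints, which avoids the surprises that come from mixing `-I` (insert at top) and `-A` (append) by hand. Run it without arguments first and read the output; only then run it with `--apply` as root.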