[ale] Stupid Firewall Tricks

Randy Janinda randy.janinda at ndcorp.com
Wed Jun 21 12:10:45 EDT 2000


On Wed, Jun 21, 2000 at 11:49:31AM -0400, Hunter Eidson decided:
> Hi Everyone!
> 
> Here at work, I need to set up a firewall machine to protect a single NT
> server.  I won't go into the painful details why it has to be protected this
> way, it just does.  I've built a Mandrake 7.1 box that can route packets
> between the NT server and the outside world just fine.  When I start
> restricting the hosts that are allowed to connect to it with ipchains, I can
> get to the firewall from only the machines I specify, but now none of them
> can reach the NT box.  I'm only using the INPUT, OUTPUT, and FORWARD default
> chains, and I'm guessing the INPUT and OUTPUT chains are working since I can
> still get to the firewall w/o problems.  Included below is my script for
> setting the ipchains up (with IPs modified slightly).  Any suggestions would
> be helpful...
> 


Obviously the NT box has the firewall as the default gateway, thus any attempts
to connect directly to the NT box will fail since packets will be routed back
through the firewall and disappear into oblivion. So, you have to connect to the
NT box via the firewall. Your firewall is currently only set up to allow packets
in and out accordingly, nothing more. So what you need is a little "ipmasqadm"
(check freshmeat) to handle port-forwarding. This will allow you to forward
requests to port X on the firewall to port X on the NT machine.

Hope this helps; if not, I can go into more detail. Just be sure to get ipmasqadm.

Randy Janinda
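
The port-forwarding arrangement described in the reply above, sketched as an added example that is not part of the original message or of Hunter's script. It only prints the ipchains and ipmasqadm commands; the addresses, ports, interface name and the `gen_rules` helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) ipchains/ipmasqadm commands for a
# 2.2-kernel firewall forwarding selected TCP ports to one inside host.
# Every address, port and interface name here is a constructed sample.
FW_IP="203.0.113.1"                          # firewall outside address (assumed)
NT_IP="192.168.1.2"                          # NT server inside address (assumed)
INT_IF="eth1"                                # inside interface (assumed)
ALLOWED_HOSTS="198.51.100.10 198.51.100.11"  # clients allowed to connect
TCP_PORTS="80 443"                           # "port X" values to forward

# gen_rules FW_IP NT_IP INT_IF "HOSTS" "PORTS" -> rule commands on stdout
gen_rules() {
    fw_ip=$1; nt_ip=$2; int_if=$3; hosts=$4; ports=$5

    # Validate ports first so nothing is emitted for bad input.
    for port in $ports; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    # Default-deny, then start from an empty port-forward table.
    echo "ipchains -P input DENY"
    echo "ipchains -P forward DENY"
    echo "ipmasqadm portfw -f"

    # Loopback and packets arriving from the NT box on the inside interface.
    echo "ipchains -A input -i lo -j ACCEPT"
    echo "ipchains -A input -i $int_if -s $nt_ip -j ACCEPT"
    # Masquerade the NT box so forwarded connections are rewritten both ways.
    echo "ipchains -A forward -s $nt_ip -j MASQ"

    for port in $ports; do
        # Only the listed hosts may reach port X on the firewall...
        for host in $hosts; do
            echo "ipchains -A input -p tcp -s $host -d $fw_ip $port -j ACCEPT"
        done
        # ...and port X on the firewall is handed to port X on the NT box.
        echo "ipmasqadm portfw -a -P tcp -L $fw_ip $port -R $nt_ip $port"
    done
}

gen_rules "$FW_IP" "$NT_IP" "$INT_IF" "$ALLOWED_HOSTS" "$TCP_PORTS"
```

Because the input policy is DENY, any host not listed in `ALLOWED_HOSTS` never reaches the forwarded port, which keeps the host restriction and the forwarding in one place.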
