[ale] turn linux into a router??

Mazukna, Thomas Thomas.Mazukna at delta.com
Thu Aug 2 12:33:29 EDT 2001


This can be accomplished with standard Linux.
All you need is static routing to route incoming packets from eth0 to the
network on eth1.
This will allow 1.2.3.2-3-4 to be accessible from the Internet on all ports.

Everything else is firewall rules to limit what ports can be accessed:
all default policies to reject.
from any to 1.2.3.2 port 53 accept on eth0
from any to 1.2.3.4 ports 80/442/21 accept on eth0
This limits the access to specific ports on a specific machine. You will need
more than that to allow outgoing connections from those hosts, plus logging of
traffic to closed ports, etc.

I did a similar setup ages ago...
If you need more info drop me a line to tomasATusermailDOTcom

Tomas
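The routed (non-NAT) layout Tomas describes, written out as an added example; this is not code from either message. It assumes eth0 is the upstream side, eth1 carries the 1.2.3.x hosts as a /29 (the real mask is not stated in the thread), and it prints instead of executing when DRY_RUN is set.

```shell
#!/bin/sh
# Added example: routed iptables filter for the setup in the thread.
# Assumptions: eth0 = a.b.c.d upstream, eth1 = 1.2.3.1 on a /29,
# DNS host 1.2.3.2, web/ftp host 1.2.3.4. DRY_RUN=1 prints the commands.
WAN=eth0
LAN=eth1
DNS_HOST=1.2.3.2
WEB_HOST=1.2.3.4
LAN_NET=1.2.3.0/29   # assumed mask for the 1.2.3.1-1.2.3.5 block

run() { if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# One rule per published service: only this host/port is reachable from eth0.
allow_in() {  # allow_in PROTO HOST PORT
  run iptables -A FORWARD -i "$WAN" -o "$LAN" -p "$1" -d "$2" --dport "$3" \
      -m state --state NEW -j ACCEPT
}

apply() {
  # Plain routing, no NAT: forward on, static route to the eth1 network
  run sysctl -w net.ipv4.ip_forward=1
  run ip route replace "$LAN_NET" dev "$LAN"

  # Default policy: anything not explicitly allowed is dropped
  run iptables -P FORWARD DROP
  run iptables -F FORWARD

  # Stateful: return traffic for accepted connections (passive FTP data
  # channels additionally need the ip_conntrack_ftp helper loaded)
  run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Anti-spoofing: packets arriving from the Internet may not claim 1.2.3.x
  run iptables -A FORWARD -i "$WAN" -s "$LAN_NET" -j DROP

  allow_in udp "$DNS_HOST" 53
  allow_in tcp "$DNS_HOST" 53
  for p in 80 443 21; do allow_in tcp "$WEB_HOST" "$p"; done

  # The 1.2.3.x hosts may open outbound connections through eth0
  run iptables -A FORWARD -i "$LAN" -o "$WAN" -s "$LAN_NET" \
      -m state --state NEW -j ACCEPT

  # Log (rate-limited) and drop whatever hits a closed port
  run iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
  run iptables -A FORWARD -j DROP
}

case "${1:-}" in apply) apply ;; esac
```

Run as `DRY_RUN=1 sh router.sh apply` to review the generated rules before running them as root without DRY_RUN.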

-----Original Message-----
From: djinn at djinnspace.com [mailto:djinn at djinnspace.com]
To: ale at ale.org
Sent: Thursday, August 02, 2001 12:06 AM
Subject: [ale] turn linux into a router??


Here's what I need to do:

assume: machine with eth0   a.b.c.d     and eth1  1.2.3.1   (both
external ranges)
assume: three machines with external range IP 1.2.3.2 - 1.2.3.5
network:
                     INTERNET
                         |
                   a.b.c.d (eth0)
                   1.2.3.1 (eth1)
                         |
             +-----------+-----------+
             |           |           |
          1.2.3.2     1.2.3.3     1.2.3.4

-take requests on port 53 and route them to 1.2.3.2:53
-take requests on ports 80/443/21 and route them to 1.2.3.4
-stateful inspection of packets (I've already got this bit in
place...using iptables and some custom rules based on bastille)

Please note, both network a.b.c.d and 1.2.3.4-5 are externally visible
IP addresses; in other words, a.b.c.d sits in front of 1.2.3.4 to act
as a firewall, but 1.2.3.4 is visible from the outside.

I've looked at the Linux Routing Project but it seems to be overly
concerned with NAT...which isn't *exactly* what I'm doing since people
from the outside will be querying 1.2.3.x directly with no knowledge of
a.b.c.d, and receiving responses from 1.2.3.x directly...so a.b.c.d
needs to be transparent here to this process.

I'm so confused.  I'm not 100% sure exactly what I need to accomplish
this.  And I want to do it with a Linux box.  And I need to have it done
days ago. ;)
If it helps any, we've got one IP assigned from our co-lo on the a.b.c.d
range, and then 4 IPs on the 1.2.3.x range that expect to use 1.2.3.1
as the gateway back to the Internet.

Help???
TIA
jenn

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message
body.