  1. #1
    Just Joined! | Join Date: Apr 2004 | Location: Montrose, CO USA | Posts: 7

    Firewalling and routing between two internal subnets


    Okay, I read and followed the instructions in the sticky on routers, but they did not help me, although I do think Firestarter is a great tool.

    I work for a county IT department, and we want to connect two separate internal subnets (192.168.205.x, which is our DMZ, and 192.168.11.x, which is the other network connected via wireless link). I want the following ports to forward from the 205.x side to the 11.x side:

    512,513,514,6400,10000

    Basically, packets from these ports from the 205.x side should forward to the 11.x side on the same ports. All other ports will be blocked, to be opened as necessary (23, for example).

    I have already enabled IP Forwarding in the kernel (cat /proc/sys/net/ipv4/ip_forward = 1), and both NICs can talk to their side of each subnet (I can ping machines on each side from the router/firewall itself).

    I have set up Firestarter and I set the internal network as the 205.x side, and the external as the 11.x side. I then set port forwarding for the above ports, then I opened the above ports as well.

    Nothing on the 205.x side can see the 11.x side.

    Is there something here that I'm missing?

    Thank you very much for the help.

    (One of the things I've noticed is all of the firewall and router setup docs I've found focus strictly on an internal network -> Internet setup. Nothing seems to detail what to do for two internal subnets.)

    EDIT: Okay, stupid me forgot to say anything about the distro I'm using. It is Red Hat 9, stock from the discs.
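
    The setup described in this post is plain routing between two internal subnets, so the traffic the poster wants to allow is a FORWARD-chain question rather than an Internet-style port forward. The script below is an added example, not code from the thread or from Firestarter: it builds a default-deny FORWARD policy on the router, accepts only new connections from 192.168.205.0/24 to 192.168.11.0/24 on the five listed ports, lets conntrack handle the replies, and logs whatever else tries to cross. The interface names `eth0`/`eth1` and the choice to allow both TCP and UDP on each port are assumptions; the post does not state them. It uses the `-m state` match that the iptables shipped with Red Hat 9 understands. By default it only prints the rules; set `IPT=iptables` and run it as root to apply them.

```shell
#!/bin/sh
# Added example (not from the thread): stateful FORWARD policy for a Linux
# router between two internal subnets, with no NAT involved.
# Interface names are assumptions; subnets and ports come from the post.
DMZ_IF=${DMZ_IF:-eth0}             # assumed: NIC facing 192.168.205.0/24
WIFI_IF=${WIFI_IF:-eth1}           # assumed: NIC facing 192.168.11.0/24
DMZ_NET=192.168.205.0/24
WIFI_NET=192.168.11.0/24
PORTS="512 513 514 6400 10000"

# Dry run by default: prints the rules instead of applying them.
# Run with IPT=iptables (as root) to load them into the kernel.
IPT=${IPT:-echo iptables}

build_forward_rules() {
    # Routed traffic is dropped unless a rule below explicitly allows it.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD

    # Replies to accepted connections are recognised by conntrack, so the
    # 11.x side needs no rule of its own and no DNAT is required.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    for port in $PORTS; do
        # The post lists ports only, not protocols; allow both (assumption).
        for proto in tcp udp; do
            $IPT -A FORWARD -i "$DMZ_IF" -o "$WIFI_IF" \
                 -s "$DMZ_NET" -d "$WIFI_NET" \
                 -p "$proto" --dport "$port" -m state --state NEW -j ACCEPT
        done
    done

    # Anything else that tries to cross is logged, then hits the DROP policy.
    $IPT -A FORWARD -j LOG --log-prefix "FWD-DROP: " --log-level 4
}

# Self-check helper: number of ACCEPT rules the generated policy contains
# (1 conntrack rule + 5 ports x 2 protocols = 11).
count_accepts() {
    build_forward_rules | grep -c -- '-j ACCEPT'
}

build_forward_rules
```

    When a new port is needed later (the post mentions 23 as a likely candidate), adding it to `PORTS` is the only change; the default-deny policy and the logging rule stay in place, and the log lines show which hosts are probing ports that were not opened.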

  2. #2
    Just Joined! | Join Date: Apr 2004 | Location: Colorado | Posts: 9
    Maybe a NAT rule to access an external addy from the 205.x side, passing packets through the DMZ to the 11.x side.

  3. #3
    Just Joined! | Join Date: Apr 2004 | Location: Montrose, CO USA | Posts: 7
    Thank you for the reply. I'll definitely be studying NAT in a little more detail. There's a lot of stuff to iptables, that's for sure...
