  1. #1
    Just Joined!
    Join Date
    Apr 2009
    Posts
    1

    Rhel5.0 firewall server for my network


    Hi, I am new to Linux. I have to configure a firewall server for my office. We are using RHEL 5.0. We have a public IP for the web server and mail server; that IP is also used to connect the client systems for internet access.

    Please see my network architecture:

    +-----------------------------+
    | firewall server             |
    | ext network                 |
    | eth1: 61.247.253.235        |
    +-----------------------------+
    | int network                 |
    | eth0: 192.168.1.1           |
    +-----------------------------+

                        |----> web server 192.168.1.2
                        |
    firewall server --->|----> mail server 192.168.1.3 (optional)
                        |
                        |----> clients for internet access (192.168.1.X)

    Here are my requirements:
    1. The web and mail servers should be published.
    2. Clients can access the internet.
    3. All ports should be closed when pinging the firewall server from the outside network.
    4. All ports should be closed when pinging the firewall server from inside the network (internet access clients), except for the particular IP I mention.


    Now, what should I do? Please, can anybody help me step by step?

    Thanks
    aamdevan (aamdevan@gmail.com)

  2. #2
    Linux User
    Join Date
    Sep 2008
    Location
    UK
    Posts
    358
    Personally, I think it is overkill to use the latest hardware as a firewall as well as something else. Rather, get an old Pentium-class PC with minimum spec and use a dedicated firewall like Smoothwall or one of its derivatives. All the firewall and forwarding rules are readily configurable.
    If the firewall PC is hacked, that's all you use. The rest of your network is safe.
    To answer your question, use 2 or 3 network cards (depending on the internet connection; if it's a USB modem, only 2) and assign them to the incoming address (i.e. DHCP or fixed from the ISP), an internal zone and a DMZ zone for external access to mail and web services.
    Allow routing between internal and ISP, and between ISP and DMZ. (You will need to set the forwarding rules.)
    What services or parts of the internal network you allow access to from outside depends on your needs, but external users would collect/access services on the DMZ network address. The internal address allows internal users free access, since they shouldn't be a threat.

    For more detailed ideas/setup, look at the smoothwall.org documentation.
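
Added example, not part of either post: a default-deny iptables ruleset for the two-interface layout in the question, written as a script that prints iptables-restore input. Interface names and addresses come from the first post; the /24 mask, ports 80 and 25, and the admin host 192.168.1.10 with SSH on port 22 are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the question's layout.
# Addresses and interfaces are from the post; values marked "assumed" are not.
# The kernel must also route: net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
EXT_IF=eth1; EXT_IP=61.247.253.235
INT_IF=eth0; LAN=192.168.1.0/24          # assumed: /24 mask
WEB=192.168.1.2; MAIL=192.168.1.3
WEB_PORT=80; MAIL_PORT=25                # assumed: HTTP and SMTP only
ADMIN_IP=192.168.1.10; ADMIN_PORT=22     # assumed: the one LAN host allowed to SSH in

gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Requirement 1: publish web and mail on the public address
-A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport $WEB_PORT -j DNAT --to-destination $WEB
-A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport $MAIL_PORT -j DNAT --to-destination $MAIL
# Requirement 2: clients share the public address for outbound traffic
-A POSTROUTING -o $EXT_IF -s $LAN -j SNAT --to-source $EXT_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Requirements 3 and 4: the firewall itself answers nothing, ping included,
# except replies to its own traffic and SSH from the admin host
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -s $ADMIN_IP -p tcp --dport $ADMIN_PORT -m state --state NEW -j ACCEPT
# Forwarding: LAN may go out; from outside only the two published ports come in
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INT_IF -o $EXT_IF -s $LAN -j ACCEPT
-A FORWARD -i $EXT_IF -o $INT_IF -d $WEB -p tcp --dport $WEB_PORT -m state --state NEW -j ACCEPT
-A FORWARD -i $EXT_IF -o $INT_IF -d $MAIL -p tcp --dport $MAIL_PORT -m state --state NEW -j ACCEPT
COMMIT
EOF
}

gen_rules   # redirect to a file and load it with iptables-restore as root
```

In this flat layout the published servers share a segment with the clients, so a compromised web or mail server has direct LAN access; the separate DMZ interface suggested in reply #2 is what removes that exposure.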
