
Bridging Firewall


Borvik

Programmer
Jan 2, 2002
1,392
US
Hey all, back again with another firewall question.

After doing some digging through Google, I was able to find some documents to help me set up a bridging firewall.

I am using RedHat 9 with iptables. I was able to successfully test the firewall with services on the local machine (the firewall itself) by turning off the firewall and telnetting and sshing into it - and then turning it on and only being able to ssh into it.

All the IPs are in the same subnet. Example:
Router - 25.25.25.1
Firewall(external) - 25.25.25.221
Firewall(internal) - 25.25.25.222
A Machine Behind Firewall - 25.25.25.146

They all have to be in the same subnet in order for our servers to be visible to the net, but I want it firewalled - hence the bridge.

I hooked up our router directly to the firewall, and then I couldn't get out to the Internet on any machine. Here is a diagram of our setup.

Router
|
|
Hub
|-------Dial-in Server
|
|
Switch---Client Machine
| |
| |
Firewall

That is what it was while I was setting it up. During the test it was the following.

Router
|
|
Hub---Dial-in Server
|
|
Firewall
|
|
Switch---Client Machine

I wrote a couple of scripts for setting this up. I'll post those in the next post.
 
Here are the scripts
Code:
# Load the netfilter core and connection-tracking modules
modprobe ip_tables
modprobe ip_conntrack

# Forward packets between eth0 and eth1, and answer ARP on each
# interface for the hosts that live on the other side (proxy ARP)
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp

service iptables stop

ifconfig eth0 down
ifconfig eth1 down

# Host-only (/32) netmask on both interfaces; reachability of the
# other addresses comes from the host routes added below
ifconfig eth0 25.25.25.221 netmask 255.255.255.255
ifconfig eth1 25.25.25.222 netmask 255.255.255.255

ifconfig eth0 up
ifconfig eth1 up

# Host routes: router side out eth0, protected machine out eth1
route add 25.25.25.221 eth0
route add 25.25.25.222 eth1
route add 25.25.25.146 eth1
route add 25.25.25.1 eth0
route add default gw 25.25.25.1

service iptables start
That sets up my bridge - which I haven't been able to test yet, and the following is my iptables file.
Code:
*filter
# Loopback in and out
-A INPUT -i lo -p all -j ACCEPT
-A OUTPUT -o lo -p all -j ACCEPT
# Replies to connections the firewall itself opened, arriving on eth0
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Reset TCP segments that carry no MSS option (option 2); MSS is normally present only in SYNs
-A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
# SMTP for the server behind the firewall (INPUT only sees packets addressed to the firewall itself)
-A INPUT -p tcp -i eth0 -d 25.25.25.146 --dport 25 -j ACCEPT
# Everything else addressed to the firewall is dropped
-P INPUT DROP
COMMIT

Can anyone see anything wrong with the above scripts? Should they work or is there something else I need to do?
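The ruleset above filters only the INPUT chain. With the proxy-ARP setup from the first script the firewall is routing, so packets for 25.25.25.146 pass through the FORWARD chain and never reach INPUT; the SMTP rule cannot match, while FORWARD keeps its default ACCEPT policy and passes everything. The script below is an added example, not Borvik's file: it emits a corrected ruleset in iptables-save syntax with the rules moved to the chain that actually sees the traffic, keeps the posted ruleset as a constructed sample, and includes a small awk lint that flags INPUT ACCEPT rules whose destination is not a firewall address. Addresses and interface roles are taken from the post; the rule admitting SSH from the inside interface is an assumption about the management access wanted.

```shell
#!/bin/sh
# Added example (not the poster's script). The firewall routes between eth0 and
# eth1, so traffic to the protected host traverses FORWARD; INPUT only sees
# packets addressed to the firewall's own interfaces.

FW_EXT=25.25.25.221   # eth0, router side (from the post)
FW_INT=25.25.25.222   # eth1, protected side (from the post)
MAIL=25.25.25.146     # mail server behind the firewall (from the post)

# Corrected ruleset in iptables-save syntax; '#' lines are ignored by iptables-restore.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# To the firewall itself: loopback, replies to its own connections, SSH from inside (assumed).
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Through the firewall: replies, new connections from inside, SMTP to the mail server.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d $MAIL -p tcp --dport 25 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# The ruleset as posted, kept as a constructed sample for the lint below.
posted_rules() {
    cat <<'EOF'
*filter
-A INPUT -i lo -p all -j ACCEPT
-A OUTPUT -o lo -p all -j ACCEPT
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -i eth0 -d 25.25.25.146 --dport 25 -j ACCEPT
-P INPUT DROP
COMMIT
EOF
}

# lint_rules FILE: print every INPUT ACCEPT rule whose -d is not one of the
# firewall's own addresses (such a rule can never match) and return 1 if any.
lint_rules() {
    awk -v own="$FW_EXT $FW_INT" '
        BEGIN { n = split(own, a, " "); for (i = 1; i <= n; i++) mine[a[i]] = 1 }
        /^-A INPUT / && / -j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "-d") {
                d = $(i + 1); sub(/\/32$/, "", d)
                if (!(d in mine)) { print "misplaced (belongs in FORWARD): " $0; bad = 1 }
            }
        }
        END { exit (bad ? 1 : 0) }' "$1"
}

# Replace the running ruleset atomically (needs root and iptables-restore).
load_rules() {
    gen_rules | iptables-restore
}

case "${1:-}" in
    show) gen_rules ;;
    lint) lint_rules "$2" ;;
    load) load_rules ;;
esac
```

Run `sh bridgefw.sh show` to print the corrected file, `sh bridgefw.sh lint /etc/sysconfig/iptables` to check an existing file, and `sh bridgefw.sh load` as root to install it. The lint is deliberately narrow: it catches the one class of mistake the post shows. Note that this reasoning holds for the proxy-ARP design in the first script, where the box routes at layer 3; a true layer-2 bridge (brctl) needs kernel bridge-netfilter support before iptables sees forwarded frames at all.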
 