From: Francesca C S. <Sys...@la...> - 2002-01-20 01:08:09
Hiya, I am new to using Shorewall and, well, am impressed. OK, here are the questions.

I run a hosting server running Red Hat 7.2 with all the latest patches installed, iptables version 1.2.4, kernel 2.4.9-13. I start up Shorewall with the following params file configuration. I run one virtual host on this machine to serve up name-based Apache web sites. The addresses are 216.25.199.137 for eth0 and 216.25.199.138 for eth0:0.

I require all the following ports to be accessible on eth0 from outside. I only need 80, 443 and 3306 for eth0:0 accessible from outside. From inside, only 20, 21, 22, 53 and 123 need to access the local subnet 216.25.199/24. Inside hosts on subnet 216.25.199/24 only require 20, 21 and 22 access to this host.

I'm thinking I need local zones for the internal subnet with 216.25.199.138 being excepted. I'm thinking I need a dmz zone for 216.25.199.138. And all eth0 needs is a better thought-out port access config than the simple one below (FTP, less UDP access, etc. etc.). All I am asking is: am I thinking in the right direction here? I can toy with and learn the best config; I just need a starting point. I have looked all over the archives and really don't see much on iptables and virtual hosts. I am working off the sample one-interface templates provided at the Shorewall web site.

NET_IF=eth0
NET_BCAST=detect
NET_OPTIONS=noping,norfc1918
TCP_PORTS=20,21,22,25,53,80,110,123,443,3306,10000,10001
UDP_PORTS=20,21,22,25,53,80,110,123,443,3306,10000,10001

On another point: ipchains can be shut off, I figure, or does it even do anything but take up CPU cycles with iptables and netfilter?

Thank You,
Francesca C Smith
SysAdmin
Lady Linux Hosting And Consulting
sys...@la...
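A worked starting point for the policy described in this post, as an added example that is not part of the original message and not Shorewall's own code: the same access policy written as plain iptables rules (the layer Shorewall generates), so the intent is visible before it is translated into Shorewall's zones, hosts and rules files. The two addresses and the /24 are the ones in the post; the interface name, the choice of which ports carry UDP, the reading of the "from inside" sentence as this host's own outbound traffic, and the DRY_RUN switch are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's or Shorewall's code: plain iptables rules for the
# policy in the post. Addresses and the /24 come from the post; the UDP port choice,
# the chain layout and the DRY_RUN switch are assumptions.
# Run as-is to print the rules for review; run with DRY_RUN=0 as root to apply them.
set -e

DRY_RUN="${DRY_RUN:-1}"
IFACE=eth0
PRIMARY=216.25.199.137        # eth0
ALIAS=216.25.199.138          # eth0:0, the address the name-based web sites answer on
LOCALNET=216.25.199.0/24      # the inside subnet

# Assumption: only DNS and NTP need UDP; the other services listed are TCP-only.
PRIMARY_TCP="20 21 22 25 53 80 110 123 443 3306 10000 10001"
PRIMARY_UDP="53 123"
ALIAS_TCP="80 443 3306"          # everything else sent to the alias is dropped
LOCAL_TCP="20 21 22"             # what inside hosts may reach on this machine
OUT_LOCAL_TCP="20 21 22 53 123"  # assumed reading: what this host may open to inside hosts
OUT_LOCAL_UDP="53 123"

# run ARGS...: print the iptables command in dry-run mode, otherwise execute it
run() {
  if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# accept_in SRC DST PROTO PORT: allow connections from SRC to DST:PORT arriving on $IFACE
accept_in() {
  run -A INPUT -i "$IFACE" -s "$1" -d "$2" -p "$3" --dport "$4" -j ACCEPT
}

# accept_out DST PROTO PORT: allow this host to open connections to DST:PORT
accept_out() {
  run -A OUTPUT -o "$IFACE" -d "$1" -p "$2" --dport "$3" -j ACCEPT
}

build_rules() {
  run -F INPUT; run -F OUTPUT; run -F FORWARD
  run -P INPUT DROP; run -P OUTPUT DROP
  run -P FORWARD DROP            # nothing is routed through this host
  run -A INPUT -i lo -j ACCEPT
  run -A OUTPUT -o lo -j ACCEPT
  # replies to accepted connections (FTP data channels count as RELATED once
  # the ip_conntrack_ftp module is loaded)
  run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  run -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # inside hosts first: only 20, 21, 22 to the primary address, then drop the rest,
  # so the broader outside rules below never apply to them
  for p in $LOCAL_TCP; do accept_in "$LOCALNET" "$PRIMARY" tcp "$p"; done
  run -A INPUT -i "$IFACE" -s "$LOCALNET" -j DROP

  # the alias address: web and MySQL only
  for p in $ALIAS_TCP; do accept_in 0.0.0.0/0 "$ALIAS" tcp "$p"; done
  run -A INPUT -i "$IFACE" -d "$ALIAS" -j DROP

  # the primary address: the full service list
  for p in $PRIMARY_TCP; do accept_in 0.0.0.0/0 "$PRIMARY" tcp "$p"; done
  for p in $PRIMARY_UDP; do accept_in 0.0.0.0/0 "$PRIMARY" udp "$p"; done

  # outbound: restricted towards the inside subnet, unrestricted elsewhere
  for p in $OUT_LOCAL_TCP; do accept_out "$LOCALNET" tcp "$p"; done
  for p in $OUT_LOCAL_UDP; do accept_out "$LOCALNET" udp "$p"; done
  run -A OUTPUT -o "$IFACE" -d "$LOCALNET" -j DROP
  run -A OUTPUT -o "$IFACE" -j ACCEPT
}

build_rules
```

Both addresses terminate on this host, so the rule set needs no FORWARD rules at all: the alias is simply a second destination address in the INPUT chain, and the inside subnet is told apart by source address on the same interface. Order matters, since the inside-subnet rules are placed before the wider outside rules so that they take precedence. Active-mode FTP only works with this rule set if the 2.4 kernel's ip_conntrack_ftp module is loaded, otherwise the data connections are not classed as RELATED. On a 2.4 kernel the ipchains compatibility module and ip_tables cannot be loaded at the same time, so a running netfilter/iptables setup is not sharing the box with ipchains.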