Re: About Firewall configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Dear All,
>
> I want to know MUST the Server machine BEHIND the linux firewall /
> router machine, then it can be assign ( use ) PRIVATE IP to instead of
> PUBLIC IP ?
> Dear All,
>
> I want to know MUST the Server machine BEHIND the linux firewall /
> router machine, then it can be assign ( use ) PRIVATE IP to instead of
> PUBLIC IP ?

I am not sure I understand the question.

If you are asking:

If a machine has to be behind a NATed firewall before you can assign a
private IP address.  The answer is yes and no.  If you want to have
several machines to have access to the Internet and only one IP, then you
would need to use Network Address Translation.  Then you could use one of
the private IP address ranges for all of the machines on your internal
network while only having a single box directly exposed to the Internet. 
This is not the same as a true firewall though because it really doesn't
HAVE to block any traffic.  So the box would really be just a router.

In cases like this, I have found it best to have two NICs in the box that
has Internet access.  That way, you can use one NIC for external and one
NIC for internal traffic.

Here is a simple script that I think would work.


IPTABLES=/sbin/iptables
EXTIF="eth0"
INTIF="eth1"
$IPTABLES --table nat --append POSTROUTING --out-interface $EXTIF -j
MASQUERADE
$IPTABLES --append FORWARD --in-interface $INTIF -j ACCEPT
echo "1" > /proc/sys/net/ipv4/ip_forward




-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux