DNS / FIREWALL / SQUID/ DMZ security

  1. #1

    DNS / FIREWALL / SQUID/ DMZ security

    Hi everybody:
    I am new with Linux. I did a lot of reading and I found this forum very interesting as far as help.

    I kind of understand the theory of firewall and ACL but I need concrete facts:

    I have a FC4 DNS with 3 NICs: Internet, DMZ, Internal.

    I want to have the DNS box set up as a DNS and Firewall
    with Squid. This Linux box will be the interface with the outside world.
    I want this Linux box as secured as possible.

    My DNS works fine. From my DNS box, I can ping my
    internal network and the DMZ and the internet. I can access the internet.

    From my DMZ, I can ping the DNS box on all its interfaces, but cannot ping or nslookup outside, such as "ping www.yahoo.com".

    From my internal network I can ping the DNS box but cannot "ping www.yahoo.com" or "nslookup".


    Can someone help me on that?

    Thank you.

  2. #2
    Compunuts (Moderator, Good Guru; joined May 2001; California; 3,935 posts)
    Make sure you have NAT turned on.

    Check /etc/resolv.conf. There, put in the DNS server address.

    Also check and make sure you have default gateway options in your NIC's config area.

    HTH ....


  3. #3
    Hi Compunuts:


    I rebuilt everything from scratch to have clean FC4 machines.

    The machines are:
    1x FC4 with DNS only
    1x FC4 (future Web server, not installed yet)
    1x Windows XP

    DNS Machine:

    The DNS box has 3 NICs: External, DMZ, Internal. The config is below.

    External config:
    IP : ISP address
    Subnet : ISP subnet
    Gateway: ISP gateway

    DMZ config (for web server):

    IP : 192.168.1.20
    Subnet : 255.255.255.0
    Gateway: ???

    Internal config:

    IP : 192.168.2.20
    Subnet : 255.255.255.0
    Gateway: ????


    FC4 - Future Web Server

    1x NIC:
    IP : 192.168.1.21
    Subnet : 255.255.255.0
    Gateway: 192.168.1.20

    Windows XP machine:
    1x NIC:
    IP : 192.168.2.21
    Subnet : 255.255.255.0
    Gateway: 192.168.2.20


    On the DNS box, I can ping all interfaces, access the outside world, and ping both the XP and FC4 future web server machines.

    On the FC4 future web server: I can ping 192.168.1.20, 192.168.1.21 and 192.168.2.20 but not 192.168.2.21 (XP). Also, when pinging www.google.com, the result shows Google's IP address but gets stuck there.

    On the XP, the same thing: I can ping the DNS box at 192.168.2.20, 192.168.2.21, 192.168.1.20 but not 192.168.1.21.

    On the FC4 (Web Server)
    The /etc/resolv.conf has:
    search mydomainname.com
    nameserver ISP address


    I would like the internal users to access the internet and email via the DNS box, and to access the SQL server internally.

    From the outside, I would like the customers to access our web servers, which connect to our internal SQL server.

    Also, I would like to protect the network with one firewall.

    So far, I have just installed the DNS: no firewall, no web server (Apache). Which steps do I need to achieve the goal?

    Thank you for your help.

  4. #4
    Compunuts (Moderator, Good Guru; joined May 2001; California; 3,935 posts)
    So on your DNS box, you are also using it as the gateway/router?

    You will NEED a firewall to do the job for you (well, it's not 100% correct but you get the point). There are ways to turn on NAT without a firewall but it must be done as a kernel option. Installing a firewall will make your life a lot easier. I personally use Firestarter for its ease of use and GUI config. But on the router box that I have, I use Shorewall, which is much easier to work with in CLI mode since I don't have any X running on my gateway/router.

    HTH ....

    Oh, BTW, you do not need to specify gateway in your DNS's NIC interfaces since it's in the same box.


  5. #5
    Hi Compunuts:

    Thank you soooo much for the reply. I have been testing the Firestarter firewall. It is wonderful: the real-time monitor and the ease with which you can enable or disable the inbound traffic. Firestarter is WONDERFUL.

    However, Shorewall is less graphical and has no monitoring system. The concept is more understandable for ACL and the connection flow. Shorewall has several examples for a firewall with one, two or three NICs.

    I adopted Firestarter. However, I have one more question: Firestarter can configure 2 NICs only. How can I put my web, mail servers into the DMZ?



    Thank you again for the great support.
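
The three-interface layout discussed in this thread (internet, DMZ 192.168.1.0/24, internal 192.168.2.0/24) can be expressed directly as an iptables ruleset. The script below is an added example, not part of any post: it generates `iptables-restore` input with NAT for both private subnets, a port forward to the DMZ web server, and a default-drop FORWARD policy that keeps the DMZ from opening connections to the internal network. The interface names (eth0/eth1/eth2), HTTP on tcp/80 and Squid on its default port 3128 are assumptions.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the thread's
# three-zone gateway. Addresses are those posted in the thread;
# interface names are passed in and are assumptions.
DMZ_NET=192.168.1.0/24   # DMZ subnet
INT_NET=192.168.2.0/24   # internal subnet
WEB_IP=192.168.1.21      # future web server in the DMZ

# forwarding_enabled [FILE]: exit 0 when the kernel routes between NICs.
# With forwarding off, clients can ping every address on the gateway
# itself but nothing beyond it.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = 1 ]
}

# gen_rules EXT_IF DMZ_IF INT_IF: print the ruleset on stdout.
gen_rules() {
    ext=$1 dmz=$2 int=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $ext -p tcp --dport 80 -j DNAT --to-destination $WEB_IP:80
-A POSTROUTING -o $ext -s $INT_NET -j MASQUERADE
-A POSTROUTING -o $ext -s $DMZ_NET -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $int -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $dmz -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -i $int -p udp --dport 53 -j ACCEPT
-A INPUT -i $int -p tcp --dport 53 -j ACCEPT
-A INPUT -i $dmz -p udp --dport 53 -j ACCEPT
-A INPUT -i $dmz -p tcp --dport 53 -j ACCEPT
-A INPUT -i $int -p tcp --dport 3128 -j ACCEPT
# New connections from the DMZ to the internal net hit the DROP policy.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $int -o $ext -s $INT_NET -j ACCEPT
-A FORWARD -i $int -o $dmz -s $INT_NET -j ACCEPT
-A FORWARD -i $dmz -o $ext -s $DMZ_NET -j ACCEPT
-A FORWARD -i $ext -o $dmz -d $WEB_IP -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
# Apply as root from the console (no SSH rule is included):
#   sysctl -w net.ipv4.ip_forward=1; gen_rules eth0 eth1 eth2 | iptables-restore
```

The thread gives no address for the internal SQL server, so no DMZ-to-internal exception is included; one would be a single FORWARD rule from the web server to that host and port.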
