Firewall Feature Questions - Linux


  1. Firewall Feature Questions

    In the original question below, what feature is it called that I would be
    looking for that enables me to map public ip to private ip internally for
    certain ports?

    If anyone has experience with WatchGuard and the most simple and basic for
    the feature I am looking for - what would you recommend?


    ..........................



    The router (pseudo firewall - really NAT) maps 3 PUBLIC IP / External
    Address (our mail, web site, and FTP) to 3 of the Internal Servers. It does
    a one to one mapping.

    Server 1=Exchange 2003/Outlook Web Access(port 80,443) - (public ip
    100.100.100.100 to private 192.168.1.10);
    Server 2=Sharepoint Portal 2003/Project Server 2003(port 80 and 443) -
    (public ip 100.100.100.101 to private 192.168.1.11);
    Server 3=FTP Site and MS PPTP VPN (port 21,1721) - (public ip
    100.100.100.102 to private 192.168.1.12);

    My GOAL is to get a Linux firewall that is SIMPLE to use to place between the
    internal network and our Internet router. Also, it has to be able to route
    traffic destined for public ip xxx.xxx.xxx.xxx to private ip xxx.xxx.xxx.xxx -
    same as 1 to 1 NAT mapping but more locked down due to firewall features.
    Because multiple servers have port 80 and 443, I can't just do port
    forwarding. It must be intelligent enough to see the URL/URI to forward to
    the right box.

    Hope this made sense.

    What would you guys suggest in terms of the Linux distro with this
    capability, and how I should set it up?

    Thank you!



  2. Re: Firewall Feature Questions

    Mike Allen wrote:

    > In the original question below, what feature is it called that I would be
    > looking for that enables me to map public ip to private ip internally for
    > certain ports?


    Port forwarding, port redirection, port-based NAT, or service NAT (on
    Fireboxes ;-).

    > If anyone has experience with WatchGuard and the most simple and basic for
    > the feature I am looking for - what would you recommend?


    Erm.. those two statements are almost mutually exclusive - how on Earth
    do you expect a simple and basic solution using $2500 hardware ? ;-)

    Put down a spare Pentium with 64MB and download m0n0wall
    (www.m0n0.ch/wall) - it's a stripped down FreeBSD with basic IP
    filtering capability that runs on anything from a 486 up.

    Any Linux/BSD firewall distro can do this.

    And no, you /don't/ need more than port forwarding, since each of those
    services runs on a different public IP - which is trivial to set up a
    mapping for.

    As you wrote, you already have it working *now* - so why wouldn't it
    work when you lock it down more securely ?

    If you want more detailed tips, post more detailed info - it's not all
    that clear what you want to achieve.

    Oh BTW f'up set.


    --
    J

    Where does the **** go ?

  3. Re: Firewall Feature Questions

    Iptables port forwarding can do this. You might try Smoothwall
    Linux. I'm using Slackware for my firewall but I'm not doing port
    forwarding.

    David
    --
    http://howto.mainstreamlinux.com
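
Added example, not part of any post in this thread: the replies above say plain iptables port forwarding is enough because each service has its own public IP. This script prints an iptables-restore ruleset for the three mappings in the first post, with every other forwarded packet dropped; the interface names and the script itself are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset that
# forwards each public IP's listed TCP ports to one internal server and drops
# every other forwarded packet.
# Assumptions: interface names below; the public IPs are routed to, or
# configured as aliases on, the firewall's WAN interface.
WAN_IF="${WAN_IF:-eth0}"   # assumed name: side facing the Internet router
LAN_IF="${LAN_IF:-eth1}"   # assumed name: side facing 192.168.1.0/24

# public_ip private_ip tcp_ports, exactly as listed in the first post.
# The post gives 1721 for PPTP; PPTP control is normally TCP 1723 plus GRE
# (IP protocol 47), so confirm the real ports before using this line.
MAPPINGS='100.100.100.100 192.168.1.10 80,443
100.100.100.101 192.168.1.11 80,443
100.100.100.102 192.168.1.12 21,1721'

gen_rules() {
    printf '%s\n' '*nat'
    # Rewrite the destination only for the listed public IP + port pairs.
    # Two servers share ports 80/443; the public IP (-d) tells them apart.
    printf '%s\n' "$MAPPINGS" | while read -r pub priv ports; do
        printf '%s\n' "-A PREROUTING -i $WAN_IF -d $pub -p tcp -m multiport --dports $ports -j DNAT --to-destination $priv"
    done
    printf '%s\n' 'COMMIT' '*filter' ':FORWARD DROP [0:0]'
    # Replies to connections that were already allowed.
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # New inbound connections: only to the mapped server and ports.
    # After DNAT the destination is already the private address.
    printf '%s\n' "$MAPPINGS" | while read -r pub priv ports; do
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

gen_rules
```

Check the output with `iptables-restore --test` before loading it, since loading replaces the existing nat and filter rules. FTP data connections also need the nf_conntrack_ftp helper, and outbound LAN traffic and the firewall's own INPUT chain are outside this example.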

  4. Re: Firewall Feature Questions


    port forwarding is the place that you want to start......
    original warnings apply tho'

    if you are messing with a live corporate network, you are begging for
    trouble.

    take a look at both ipcop and smoothwall to get an idea of what you
    need to do

    good luck!

    -
    kr0m3 - supervillia

    When the power of love overcomes the love of power the world will know
    peace.
    Jimi Hendrix (1942-1970)


