HPE Community
Operating System - Linux
1840180 Members
3916 Online
110162 Solutions
New Discussion

RH as Firewall

 
K.C. Chan
Trusted Contributor

‎03-12-2002 02:33 PM

‎03-12-2002 02:33 PM

RH as Firewall

Gururs, I want to use RH as my Bastion Firewall. But first I want to know if this is feasible? I don't know how it forward the routes if I implement this between my router the switch? Do I need to change the default route, pointing to the router and change it to point to the firewall?

If I don't need to change the default route (currently pointing to the cisco router), Then how do make it so that the firewall forwards routes to the cisco router?

Lastly, would iptable work? or should I use smoothwall, heard good things about it.

Thanks.
Reputation of a thousand years can be determined by the conduct of an hour
0 Kudos
Reply
2 REPLIES 2
Stuart Browne
Honored Contributor

‎03-12-2002 02:50 PM

‎03-12-2002 02:50 PM

Re: RH as Firewall

Well, I know I'm certainly using a RH7.1 box at home as my Firewall.

My network topography is nice enough that the data has no choice but to go through it before getting to the Internet (two network cards, ADSL router on one, LAN on the other).

It only uses IPTables (very powerful tool set!) for the firewalling.

The idea is you tell your workstations to use your Linux box as it's gateway, and your linux box to use your router as it's gateway.

I've never heard of smoothwall however. With reguards to firewalling, I still think it best to stick with what you are comfortable with.

Hope this gives you a decent start..
One long-haired git at your service...
0 Kudos
Reply
Christopher C. Weis
Advisor

‎03-12-2002 02:57 PM

‎03-12-2002 02:57 PM

Re: RH as Firewall

Depending on how you configure your internal network, you may or may not need to tweak some routing tables.

Probably the most common way most people set up "Bastion" firewalls is with a gateway machine with two interfaces. The external interface has a routable IP address. The internal interface has a non-routable IP address. One such as 192.168.x.x or 10.x.x.x. If this is what you want to do, you won't need to alter any routing tables, because you'll be doing NAT (network address translation)/ip masquerading. From the outside world, everything coming from any of the internel computers will appear to be coming from the external routeable ip address of the gateway machine.

However, if you want to have routable IP addresses on the inside of the gateway machine, you'll have alter the routeing table on you router and on machines on the inside of the gateway machine. I won't go any deeper into this since I'm not sure exactly what you're asking.

As for iptables, I have had GREAT success with it. It's a powerful tool that you will learn to love. Best of luck and I hope I've been helpful.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.