[NCLUG] Firewall question

Marcio Luis Teixeira marciot at holly.colostate.edu
Fri May 17 00:53:33 MDT 2002


I sort of figured out a quick answer to the question I posted earlier. I 
added this to my iptables config script:

   /sbin/iptables -A INPUT -i eth1 -d 0/0 -p all -j REJECT

Anyhow, this seems to be a good stopgap measure, but there is the side effect 
that the "firewall" machine now cannot talk to the outside world directly 
(well, it can, but it can't get back a reply). So now I have the awkward 
situation where machines in my internal network can speak freely through the 
firewall, they can also contact services running on the firewall, but 
processes running on the firewall itself can only speak with the internal network 
and not at all with the outside world (I suppose if my "firewall" needs to send a 
message to the outside world, it could "ssh" to one of the machines in the 
internal network and tunnel through itself that way, but that would be very 
strange indeed).

So, my only remaining questions are: Do you guys see any pitfalls with what I am 
doing? And is there a better way to do what I am trying to do?

Marcio Luis Teixeira
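The side effect described in the post (the firewall host loses replies to its own outbound connections) comes from the blanket REJECT matching the reply packets too. The script below is an added example, not the poster's own config script, showing the usual stateful fix: accept packets on eth1 that belong to connections the host already opened, then keep the poster's REJECT as the last rule. It assumes eth0 is the internal interface (the post never names it) and that the iptables state match (ipt_state, connection tracking) is available; setting IPT=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example (not from the original post): stateful INPUT rules for a
# firewall whose external interface is eth1. Rule order matters, because
# iptables stops at the first matching rule in the chain.
#
# Assumptions: eth0 is the internal interface; the ipt_state module is
# loaded. Set IPT=echo to print the rules instead of changing the kernel.

IPT="${IPT:-/sbin/iptables}"
EXT_IF="${EXT_IF:-eth1}"   # external interface, as in the post
INT_IF="${INT_IF:-eth0}"   # internal interface (assumed, not in the post)

# INPUT-chain rules, in the order they must be evaluated:
# 1. accept packets on the external side that belong to a connection the
#    host itself opened (conntrack state ESTABLISHED) or that relate to one
#    (RELATED, e.g. ICMP errors for an existing connection),
# 2. accept loopback and anything from the trusted internal interface,
# 3. reject every other packet arriving on the external interface
#    (the poster's original rule, now last).
firewall_input_rules() {
    "$IPT" -A INPUT -i "$EXT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -i "$INT_IF" -j ACCEPT
    "$IPT" -A INPUT -i "$EXT_IF" -j REJECT
}

# Number of rules the function emits, computed in dry-run mode; a quick
# sanity check that nothing in the chain was dropped or duplicated.
count_input_rules() {
    ( IPT=echo; firewall_input_rules ) | wc -l | tr -d ' '
}

# Only touch the live ruleset when explicitly asked (needs root).
if [ "${APPLY_RULES:-no}" = yes ]; then
    firewall_input_rules
    # Verify the loaded order: the state rule must sit above the REJECT.
    "$IPT" -L INPUT -n -v --line-numbers
fi
```

Run it as root with APPLY_RULES=yes to load the rules, or with IPT=echo to review them first. `-m state` is the match the 2002-era iptables shipped; newer versions accept `-m conntrack --ctstate ESTABLISHED,RELATED` with the same meaning. With this ordering the internal machines still reach the firewall and the outside world as before, and unsolicited inbound traffic on eth1 is still rejected; only the replies to the firewall's own connections now get through.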