[NCLUG] Firewall question
Marcio Luis Teixeira
marciot at holly.colostate.edu
Fri May 17 00:53:33 MDT 2002
I sort of figured out a quick answer to the question I posted earlier. I
added this to my iptables config script:
/sbin/iptables -A INPUT -i eth1 -d 0/0 -p all -j REJECT
Anyhow, this seems to be a good stopgap measure, but there is the side effect
that the "firewall" machine now cannot talk to the outside world directly
(well, it can, but it can't get back a reply). So now I have the awkward
situation where machines in my internal network can speak freely through the
firewall, they can also contact services running on the firewall, but
processes running on the firewall itself can only speak with the internal network
and not at all with the outside world (I suppose if my "firewall" needs to send a
message to the outside world, it could "ssh" to one of the machines in the
internal network and tunnel through itself that way, but that would be very
strange indeed).
So, my only remaining questions are: Do you guys see any pitfalls with what I am
doing? And is there a better way to do what I am trying to do?
Marcio Luis Teixeira
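
Added example, not part of the original post: the side effect described above comes from iptables taking the first matching rule, so a stateful ACCEPT placed ahead of the REJECT lets replies back in to the firewall. The verdict helper is a simplified, hypothetical model of that first-match walk; only eth1 and the REJECT rule come from the post.

```shell
#!/bin/sh
# Added example, not from the post. Only eth1 (outside interface) is the post's.
EXT_IF="${EXT_IF:-eth1}"
IPT="${IPT:-/sbin/iptables}"
# INPUT rules in append order. iptables is first-match, so the stateful
# ACCEPT has to come before the post's catch-all REJECT.
input_rules() {
    # Replies to connections the firewall opened, plus related ICMP errors.
    echo "-A INPUT -i $1 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The rule from the post: reject everything else arriving from outside.
    echo "-A INPUT -i $1 -d 0/0 -p all -j REJECT"
}

# Simplified first-match walk: verdict RULES IFACE CONNTRACK_STATE
# Only understands -i, --state and -j; prints the target, or POLICY if none match.
verdict() {
    v_rules="$1"; v_if="$2"; v_state="$3"
    while read -r v_line; do
        [ -n "$v_line" ] || continue
        set -- $v_line
        r_if=""; r_states=""; r_target=""
        while [ $# -gt 0 ]; do
            case "$1" in
                -i) r_if="$2" ;;
                --state) r_states="$2" ;;
                -j) r_target="$2" ;;
            esac
            shift
        done
        if [ -n "$r_if" ] && [ "$r_if" != "$v_if" ]; then continue; fi
        if [ -n "$r_states" ]; then
            case ",$r_states," in
                *",$v_state,"*) ;;
                *) continue ;;
            esac
        fi
        echo "$r_target"; return 0
    done <<EOF
$v_rules
EOF
    echo POLICY
}

# Dry run by default (prints the rules); APPLY=1 as root appends them for real.
if [ "${APPLY:-0}" = 1 ]; then
    input_rules "$EXT_IF" | while read -r rule; do $IPT $rule; done
else
    input_rules "$EXT_IF"
fi
```

With only the original rule, a reply packet (state ESTABLISHED) arriving on eth1 gets REJECT; with the two-rule chain it gets ACCEPT, while unsolicited NEW connections from outside are still rejected.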