Hello again.

Suppose I have the following setup:

                  |-----------|                              |-----------|
LAN<--------------|---eth0 ---| <------LINUX Router-------> |---eth1 ---|------>INTERNET
                  |-----------|                              |-----------|

eth0 = 192.168.0.1   (LAN)
eth1 = 194.105.23.2  (INTERNET)

As a basic configuration my Linux box is in fact a NAT box and an "iptables-based" firewall. The box works excellently for protecting my LAN.

Now, I have bought a class of 8 IPs (real ones). Those IPs were routed by my ISP to my little Linux box. I have assigned 5 of these 8 IPs to some computers in my LAN, as they need real IPs on them. One of them is placed on an alias to eth0 (eth0:0 = 213.154.255.209). The new gateway for these 5 computers is in fact 213.154.255.209 (eth0:0), and as far as my judgment goes they are completely exposed to attacks.

Is there any possibility to make my Linux box work as a firewall, not only for the NAT-ed machines, but also for these 5 computers that have real IPs?

Thanks in advance.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
> Is there any possibility to make my Linux box work as a firewall, not
> only for the NAT-ed machines, but also for
> these 5 computers that have real IPs?

You can, but you will need a third NIC in the machine to make it clean.

http://bridge.sourceforge.net/

This site has a lot of reference material in order to actually pull it off.

Basically, you place the 5 PCs on their own network with your existing firewall, with the new third NIC plugged into it. The firewall forwards (bridges) any traffic sent to your public IP computers. The internal bridging logic of Linux, once configured, will route those packets to the third interface transparently. The only effective change here is that now you can control the channel between those computers and the Internet, hence allowing for those machines to be firewall protected.
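As an added example (mine, not part of the reply above and not code from the bridge project it links to), here is the "third NIC" layout done with plain routing rather than a bridge: since the ISP already routes the /29 to the box, the /29 can simply live on a third interface and every packet to or from the public hosts becomes a FORWARD-chain decision, exactly the "control the channel" the reply describes. The interface name eth2, the exposed host 213.154.255.210 and the choice of SSH as the only inbound service are assumptions; the addresses come from the original question. Run as root; DRY_RUN=1 (or the `show` argument) prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not from the thread or from bridge.sourceforge.net:
# put the routed /29 on a third NIC and filter it in the FORWARD chain.
# Assumptions: the third NIC is eth2, the public hosts keep
# 213.154.255.209 (now on eth2, no longer eth0:0) as their gateway, and
# the only inbound service to expose is SSH on 213.154.255.210.
# Run as root. DRY_RUN=1 prints the commands instead of executing them.

DRY_RUN=${DRY_RUN:-0}
WAN_IF=eth1                      # 194.105.23.2, towards the ISP
PUB_IF=eth2                      # assumed: new NIC for the public hosts
PUB_NET=213.154.255.208/29
PUB_GW=213.154.255.209
SSH_HOST=213.154.255.210         # assumed: the one host that accepts SSH

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_public_segment() {
    # Move the gateway address off the eth0:0 alias onto its own interface,
    # so the public hosts no longer share a wire with the NAT-ed LAN.
    run ip addr del "$PUB_GW/29" dev eth0
    run ip addr add "$PUB_GW/29" dev "$PUB_IF"
    run ip link set "$PUB_IF" up
    run sysctl -w net.ipv4.ip_forward=1
}

firewall_public_segment() {
    # The public hosts keep their real addresses, so nothing is NATed:
    # every packet to or from them is a FORWARD decision on the router.
    run iptables -N PUBLIC 2>/dev/null
    run iptables -F PUBLIC
    # Replies to connections already accepted, in either direction.
    run iptables -A PUBLIC -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Public hosts may open connections to the Internet only, and only
    # with their own source addresses; anything else arriving on eth2
    # (spoofed sources, attempts to reach the 192.168.0.0 LAN) is dropped.
    run iptables -A PUBLIC -i "$PUB_IF" -o "$WAN_IF" -s "$PUB_NET" -m state --state NEW -j ACCEPT
    run iptables -A PUBLIC -i "$PUB_IF" -j DROP
    # Inbound towards the public hosts: only the services you mean to expose.
    run iptables -A PUBLIC -o "$PUB_IF" -d "$SSH_HOST" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # Log (rate limited) and drop everything else.
    run iptables -A PUBLIC -m limit --limit 5/min -j LOG --log-prefix "pub-drop: "
    run iptables -A PUBLIC -j DROP
    # Hand all traffic entering or leaving eth2 to the PUBLIC chain.
    # Delete-then-append keeps the hooks single when the script is re-run.
    run iptables -D FORWARD -i "$PUB_IF" -j PUBLIC 2>/dev/null
    run iptables -D FORWARD -o "$PUB_IF" -j PUBLIC 2>/dev/null
    run iptables -A FORWARD -i "$PUB_IF" -j PUBLIC
    run iptables -A FORWARD -o "$PUB_IF" -j PUBLIC
}

case "${1:-}" in
    apply) setup_public_segment; firewall_public_segment ;;
    show)  DRY_RUN=1; setup_public_segment; firewall_public_segment ;;
    *)     echo "usage: $0 apply|show" >&2 ;;
esac
```

Because the public hosts are now behind a routed interface, their gateway stays 213.154.255.209 and nothing on them changes; the `-i eth2 -j DROP` line is what stops them from reaching the 192.168.0.0 LAN or sending packets with forged source addresses, and the final `-j DROP` is what closes everything you did not explicitly open towards them. If you do want the bridge variant from the link instead, the same PUBLIC chain works with `-m physdev --physdev-in/--physdev-out eth2` in place of `-i/-o eth2`.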
Howdy all,

I am looking at getting some bandwidth stats from my qos system and I would like to pull them into a system like Cacti. Are there any MIBs for iproute or iptables to monitor the bandwidth of each connection that is passing through my bandwidth manager?

Thomas
On Monday 22 September 2003 07:02, Thomas Switala wrote:
> Howdy all,
>
> I am looking at getting some bandwidth stats from my qos system and I would
> like to pull them into a system like Cacti. Are there any MIBs for
> iproute or iptables to monitor the bandwidth of each connection that is passing
> through my bandwidth manager.

I have some snmp scripts that you can use. They are part of the GUI tar package that can be found on docum.org. You can use them separately. The problem is that it uses the tc command to get the stats. A direct approach (through the /proc file system or kernel calls) will be faster.

Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
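As an added example (mine, not one of the docum.org scripts Stef mentions), here is the "use the tc command to get the stats" approach written out for the Cacti case from the question: the per-class counters are read from `tc -s class show`, and the script prints them as the space-separated `name:value` pairs a Cacti script/command data source reads. The device eth1, the HTB classes 1:10 and 1:20 and the sample tc output are all constructed for the example.

```shell
#!/bin/sh
# Added example, not one of the docum.org scripts: pull per-class byte
# and packet counters out of `tc -s class show` and print them as the
# "name:value" pairs a Cacti script data source reads. Assumptions: HTB
# on eth1 with classes 1:10 and 1:20; the sample output below is
# constructed, not captured from a real box.

DEV=${DEV:-eth1}

SAMPLE_TC_OUTPUT='class htb 1:1 root rate 2000Kbit ceil 2000Kbit burst 1600b cburst 1600b
 Sent 9873210 bytes 12345 pkt (dropped 0, overlimits 7 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0
 tokens: 5000 ctokens: 5000

class htb 1:10 parent 1:1 leaf 10: prio 0 rate 512Kbit ceil 1000Kbit burst 1600b cburst 1600b
 Sent 6543210 bytes 8000 pkt (dropped 3, overlimits 5 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 8000 borrowed: 12 giants: 0
 tokens: 4000 ctokens: 4000

class htb 1:20 parent 1:1 leaf 20: prio 1 rate 256Kbit ceil 1000Kbit burst 1600b cburst 1600b
 Sent 3330000 bytes 4345 pkt (dropped 0, overlimits 2 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 4345 borrowed: 0 giants: 0
 tokens: 3000 ctokens: 3000
'

# stdin: tc output.  stdout: one "classid bytes packets dropped" row per
# class.  The "class" line names the class; the "Sent" line right after it
# carries the cumulative counters, which is what a Cacti COUNTER field wants.
parse_tc_classes() {
    awk '
        $1 == "class" { cls = $3 }
        $1 == "Sent"  {
            drops = $7; sub(/,$/, "", drops)     # "(dropped 3," -> 3
            printf "%s %s %s %s\n", cls, $2, $4, drops
        }
    '
}

# stdin: tc output.  stdout: the single Cacti line, e.g.
# "bytes_10:6543210 pkts_10:8000 drops_10:3 ...".  Field names use the
# minor class number only, because Cacti splits each pair on the colon.
cacti_line() {
    parse_tc_classes | awk '
        {
            split($1, id, ":")
            printf "%sbytes_%s:%s pkts_%s:%s drops_%s:%s", sep, id[2], $2, id[2], $3, id[2], $4
            sep = " "
        }
        END { printf "\n" }
    '
}

# stdin: tc output.  Prints the byte counter of one class, e.g. class_bytes 1:10
class_bytes() {
    parse_tc_classes | awk -v want="$1" '$1 == want { print $2 }'
}

case "${1:-}" in
    sample) printf '%s' "$SAMPLE_TC_OUTPUT" | cacti_line ;;
    live)   tc -s class show dev "$DEV" | cacti_line ;;
    *)      echo "usage: $0 sample|live" >&2 ;;
esac
```

Point Cacti at `script live` and define the `bytes_*` fields as COUNTER data sources: the "Sent" value is cumulative, so Cacti turns the difference between polls into a rate. This forks `tc` once per poll, which is the overhead Stef refers to; a /proc or netlink reader would avoid it, but the parsing step is the same.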