[Courses] [Security] Firewalls: Ipchains syntax and implementation

Hamster hamster at hamsternet.org
Mon Apr 8 22:04:55 EST 2002


Hey Blitzcat!

> Can you send the current ipchains rules that you have configured on Firewall 1?

Umm nope :) I don't have anything configured on FW1. There's nothing physical here at all, I was just trying to make a start on completing the firewalling exercise that Raven set as part of the security course.

> Just to clarify something, so you have physically 2 firewalls in place FW1 and FW2.. OR

Well, that too is negotiable. I don't fully grasp the DMZ, but the understanding I had was that you have an outer firewall, and another one between the DMZ and the internal network. That allows the DMZ to be semi-trusted, and FW2 to really be the bouncer at the door (so to speak) before allowing stuff into the internal network. I'm hoping that by mentioning what my understanding of the DMZ thing is, I can be told by the others on this course if I have lost the plot or not.

> Don't change the inside address unless you make the change to your WINS server.

Once again I am not sure if my understanding of WINS is correct, but I thought that if I change the IP address of the file server, once it is put back on the network (i.e. rebooted) it will register its name and (new) IP address with the WINS server, and you don't need to manually update anything at all.

> If you are going to bring in VPN remote access to this box, what type of solution will you be looking at? IPsec, RAS on the box itself, terminating on the FW box..?, PPTP, L2TP. Just keep this in the back of your mind.

That's a good question, and one I can't answer. This time it's a case of I understand the concept of a VPN, how it works etc etc, but as to actually implement it? For this I am relying on the guidance of the people in this course. I have an understanding of the protocols you mentioned, but don't know enough to be able to argue in favour of the use of one as opposed to another.

> Anyway, look forward to seeing your iptables.

I'll have a go at writing some iptables rulesets when we begin doing tables as opposed to chains. I don't want to confuse my head even more :)

Thanks for input !!

Hamster

:-)
