Re: centos as a firewall help




On Fri, Dec 31, 2010 at 10:19 AM, Roland RoLaNd <r_o_l_a_n_d@xxxxxxxxxxx> wrote:
> Secondly, I'm trying to set up a CentOS 5.4 to act as:
>
> 1. firewall # can you check my config below and tell me if I missed anything?
> 2. DHCP # already configured
> 3. transparent squid proxy #  already configured
> 4. http (virtual hosts) # in the near future
> 5. squirrelmail # in the near future
>
> - Relevant info:
>
> Two NICs:
>
> eth0 LAN: with dhcp service: 192.168.57.1(255.255.255.0) # my lan users are connected to this interface
> eth1 WAN: static: 172.16.2.14 gw/172.16.2.13 (255.255.255.248) # My isp is connected to this interface
>
> I want my firewall to do the following:
>
> 1. get my box to be completely secure from outside access, in other words deny all access from the outside world to my box &/or my LAN
> 2. allow my LAN users to access the internet/ box without any restrictions, through a transparent squid installation

So you are only allowing HTTP and HTTPS transparently through Squid?
The reason I ask is you only showed the firewall rules, not the nat
table. Otherwise you need to set up NAT masquerading to allow other
connections out.

Have you thought of virtualizing your firewall with a purpose-built
distribution like Vyatta or pfSense? I have taken this approach with
my setup. I find it makes updates easy and provides better uptime. I'm
running everything on ESXi and have a handful of virtual machines.

- Vyatta Firewall
- CentOS 5.5 Web Server and MySQL
- CentOS 5.5 Zimbra Email
- CentOS 5.5 DHCP and DNS
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
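
The NAT point raised in the reply above, as an added example that is not part of the original thread: a ruleset generator for the two-NIC layout in the quoted post, plus a check that reads an `iptables-save` dump and reports what is missing for LAN traffic other than proxied HTTP to get out. The interface names and subnet come from the quoted post; the Squid port 3128 and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. eth0/eth1 and 192.168.57.0/24 are taken
# from the quoted post; SQUID_PORT=3128 (Squid's default) is an assumption.
# Routing between the NICs also requires net.ipv4.ip_forward=1.
LAN_IF=eth0; WAN_IF=eth1; LAN_NET=192.168.57.0/24; SQUID_PORT=3128

# Print an iptables-restore ruleset: default-deny inbound and forwarded
# traffic, port 80 redirected to Squid, everything else from the LAN NATed.
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin and list what is missing.
# Prints nothing when the NAT, forwarding and default-drop pieces are present.
check_dump() {
  dump=$(cat)
  echo "$dump" | grep -Eq -- "^-A POSTROUTING .*-o $WAN_IF .*-j (MASQUERADE|SNAT)" \
    || echo "missing: nat POSTROUTING MASQUERADE/SNAT on $WAN_IF"
  echo "$dump" | grep -Eq -- "^-A FORWARD .*-i $LAN_IF .*-j ACCEPT" \
    || echo "missing: FORWARD accept from $LAN_IF"
  echo "$dump" | grep -Eq -- "^:INPUT DROP" \
    || echo "missing: default-drop INPUT policy"
}

# Constructed sample input: the same ruleset with the nat table left out.
filter_only() { gen_rules | sed -n '/^\*filter/,$p'; }
```

On the firewall itself, `iptables-save | check_dump` runs the same check against the live tables.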


