Re: how to configure linux in production line

Linux Advanced Routing and Traffic Control

Gonn Star wrote:
> I am new in Linux world, basically I'm using Red Hat 9
> kernel 2.4.20-8. I need to build a trusted gateway. My

Whoa! You are starting out with something very old and bug-ridden. You should scrap that and switch to a current release, whatever distro you may choose.

Quite a few of those old bugs can bite very hard, including root compromises. Being new, did you know how to update for security? Sure, there's Fedora Legacy which may or may not be supporting the old stuff with updates, but that is intended for people who have long-running stable servers ... not to entice new users to RH 9.

> Linux box will be the gateway for several machine PCs
> to go to the desired server. There will be several
> subnets under the Linux box, I've already assigned
> static IPs for the PCs. Now my problem is I only need
> 2 PCs from each subnet to connect to certain servers,
> and those 2 PCs can only have transaction (open) to the
> specified servers, for others it will
> drop (firewalled). For other PCs, they can't log on to
> the outside world. Should I use only iptables rules or
> with the help of Squid (ACL) as well?

You do not seem to understand that HTTP is just one of many TCP/IP protocols, and yet you want to set up complex networking controls. Anyone who knows more than you do would likely find it a trivial task to get around your controls.

> Please add up the commands as well. Thanks.

Specific questions which show that you have tried will tend to be better-received than generalised requests for spoonfeeding. I do things like this for a living, and I do not have time to earn your living as well.

You mention "production" which implies that this is needed in a business setting. If so it's probably worth it to the business owners to pay for expertise. You can't learn everything you need to know, overnight.

For you, I would recommend starting with the basics. There are good HOWTOs at netfilter.org which might help.
--
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
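
The default-deny forwarding policy described in the question (two PCs per subnet may open connections to named servers, everything else is dropped), as an added example that is not part of the original message or of either poster's configuration. All addresses are constructed documentation-range placeholders, and `gen_rules` and `valid_ipv4` are hypothetical helper names; the generator only prints `iptables-restore` input and changes nothing on the host.

```shell
#!/bin/sh
# Constructed allowlist, one "client server" pair per line (documentation-range
# addresses standing in for the two permitted PCs per subnet and their servers).
ALLOWED_PAIRS='192.0.2.10 203.0.113.5
192.0.2.11 203.0.113.5
198.51.100.10 203.0.113.6
198.51.100.11 203.0.113.6'

# Accept only dotted-quad IPv4, so an allowlist line can never smuggle extra
# iptables options into a generated rule.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read pairs on stdin and print iptables-restore input for the filter table.
# Nothing is printed if any line is malformed, so a bad list yields no ruleset.
gen_rules() {
    rules=''
    while read -r client server extra; do
        [ -n "$client" ] || continue
        if [ -n "$extra" ] || ! valid_ipv4 "$client" || ! valid_ipv4 "$server"; then
            echo "rejected allowlist line: $client $server $extra" >&2
            return 1
        fi
        rules="$rules-A FORWARD -s $client -d $server -m conntrack --ctstate NEW -j ACCEPT
"
    done
    # FORWARD defaults to DROP: every PC not listed above reaches nothing.
    # INPUT/OUTPUT (traffic to the gateway itself) are outside this example.
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%sCOMMIT\n' "$rules"
}
# Usage: printf '%s\n' "$ALLOWED_PAIRS" | gen_rules > rules.v4 && iptables-restore --test rules.v4
```

Rules keyed on source address identify a PC only by an address its user can change, so the allowlist is only as strong as the control over who can hold those static IPs.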
