
I want to configure a dedicated Linux server as a router for protecting dedicated servers with public IPs.

I have 6 dedicated servers and I want to add a router/firewall to protect them.

I will use another server with two network cards (eth0 and eth1) as a dedicated router.

All dedicated servers must have incoming and outgoing Internet access for all ports.

How can I configure this to work?

Example of the IPs I have:

172.17.17.1 (local IP for the data center router / Internet gateway)
172.17.17.2 (local IP for one network card, e.g. WLAN)
85.172.50.43 (dedicated public IP, e.g. for LAN)

Servers:

85.172.50.44
85.172.50.45
85.172.50.46
85.172.50.47
85.172.50.48
85.172.50.49

Topology of network:

  1. Internet
  2. data center router
  3. my router/firewall
  4. my switch
  5. servers connected to switch
– routing
  • If all servers must have incoming and outgoing internet access for all ports... what do you expect the firewall to do? – Grant May 09 '12 at 01:48

3 Answers

3

I suggest that rather than trying to do this from scratch you use one of the dedicated firewall distros, such as Smoothwall or pfSense.

– John Gardeniers
1

You are not really looking only for routing but also for NATting (in case the protected servers should get RFC1918 IPs) or for an actual firewall in combination with a router (in case the servers should keep their public IPs). Routing will only route packets between different networks; you have no access control or filtering possibility whatsoever.

For starters you could take a look at IPCop, which is a Linux distribution that can be configured as a router/firewall. You could also use iptables, which is far more powerful than the default IPCop but also far more complicated.

– leepfrog
  • Thanks for the answer. I know something about iptables and firewalls but I'm not good with networks and routing. Do you maybe know what I can do/type to make this router work? I have tried something like this (test home LAN) but can't ping all IPs: `route add -net 172.17.17.0 netmask 255.255.255.0 gw 192.168.1.1` and `route add -net 192.168.1.1 netmask 255.255.255.0 gw 172.17.17.1` – routing May 08 '12 at 20:37
  • Well, this really depends on the setup you are using. But the most crucial thing is that you need to tell your router to actually perform routing. On Windows you have to configure "Routing and RRAS"; on Linux you have to type `sysctl -w net.ipv4.ip_forward=1` – leepfrog May 08 '12 at 20:41
  • I have already enabled IPv4 forwarding. – routing May 08 '12 at 20:53
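A concrete version of what leepfrog's answer and comments describe (forwarding enabled, a stateful FORWARD chain that still lets every port through as the question requires, and nothing more than routing on the box), written as an added example for this thread, not code from any of the answerers. It assumes eth0 faces the data center router, eth1 faces the switch, and the servers sit in 85.172.50.32/27 (the thread gives no netmask); the data center router must also carry a static route for that block via 172.17.17.2.

```shell
#!/bin/sh
# Added example (not from the thread). Two-NIC Linux router for the question's
# topology. Assumptions: eth0 faces the data center router, eth1 faces the
# switch, and the servers sit in 85.172.50.32/27 (the thread gives no netmask).
# The data center router must have a static route for that block via 172.17.17.2.
set -eu

WAN_IF=eth0; WAN_ADDR=172.17.17.2/24; WAN_GW=172.17.17.1
LAN_IF=eth1; LAN_ADDR=85.172.50.43/27; SERVER_NET=85.172.50.32/27

# Emit the configuration one command per line. The FORWARD chain allows every
# port in both directions (as the question requires) but is still stateful and
# drops spoofed sources, which is the minimum a firewall in this position adds.
router_commands() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip addr replace $WAN_ADDR dev $WAN_IF
ip addr replace $LAN_ADDR dev $LAN_IF
ip link set $WAN_IF up
ip link set $LAN_IF up
ip route replace default via $WAN_GW dev $WAN_IF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP
iptables -A FORWARD -i $WAN_IF -s $SERVER_NET -m limit --limit 5/min -j LOG --log-prefix "spoof-wan: "
iptables -A FORWARD -i $WAN_IF -s $SERVER_NET -j DROP
iptables -A FORWARD -i $LAN_IF ! -s $SERVER_NET -j DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $SERVER_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $SERVER_NET -j ACCEPT
EOF
}

# Number of FORWARD rules the script would install (handy for a sanity check).
forward_rule_count() {
    router_commands | grep -c '^iptables -A FORWARD '
}

# DRY_RUN=1 (default) only prints; DRY_RUN=0 as root pipes the commands to sh.
if [ "${DRY_RUN:-1}" = "1" ]; then
    router_commands
else
    router_commands | sh -e
fi
```

Run it once with the default DRY_RUN=1 to review the exact commands, then with DRY_RUN=0 as root on the router; the servers on eth1 keep their public addresses and use 85.172.50.43 as their gateway.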
-2

Have you considered using Untangle?

  • Generally we prefer more detail in an answer than this. You should update this answer with reasons why Untangle is a good fit and what features it offers the OP. – MDMarra May 09 '12 at 01:48