Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: three-legged firewall ...

three-legged firewall ... 17 years 3 months ago #220

  • MWE
  • MWE's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 2
  • Thank you received: 0

I am currently trying to have a firewall with a DMZ in place using Debian and Ipchains.

I found a lot of informations in various HOWTO's and sites about Firewalling, Ipchains, Security,...

But I did not find complete examples or description for a three-legged firewall. What I found was related to Ipchains or general description for a two-legged fw.

Mainly, my setup if fine for the internal network (I tested it via several scanner without having holes or openings). So, I am happy... but it is nearly impossible to allow Internet users to access an apache web server on the DMZ. Even reading a lot of info about ipmasqadm and portfw, I was unable to open access to the web server...

I am a little bit lost. Does anyone have some example about identical topology or some links providing such information?

Many thanks in advance.


PS : the information of the various firewall configuration on this site is really well described.

three-legged firewall ... 17 years 3 months ago #221

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 1447
  • Karma: 8
  • Thank you received: 13

First starters, why would you want to use IPchains ? I was using IPchains around 2 years ago and made t he switch to IPtables.

There are considerate advantages using IPtables in contrast to IPChains.

Secondly, IPchains do not support statefull packet filters, whereas IPtables does. Statefull packet filtering means that each packet passed through the firewall is examined and the appropriate reponse packet is expected. This was the firewall keeps track of your outgoing/incoming packets.

Thirdly, IPtables is alot more flexible and easier to work with. The logical structure of the chain model is different from that which IPChains uses. You are able to port forward to an internal machine with a simple command. where as with ipchains, it was very messy.

Lastly, IPtables is the new "in" thing, which is working fine for everyone. I've used it for custom firewalls used with Internet banking machines and its worked just fine. Stick with the new stuff and dont get bogged down with the old stuff !

In cases you didn't notice on the homepage, there will be heaps of information which will cover IPtables and various configurations.

For now, I can only point you to sites: (home of iptables)- contains heaps of information and examples to get you started. (do a search for iptables)

Hope this helps.

Cheers, [img]images/smiles/icon_cool.gif
Chris Partsenidis.
Founder & Editor-in-Chief

three-legged firewall ... 17 years 3 months ago #222

  • MWE
  • MWE's Avatar Topic Author
  • Offline
  • New Member
  • New Member
  • Posts: 2
  • Thank you received: 0

Well, that's a very long story...

But you are true : I was able to find thousand of infos about iptables.

Port forwarding seems very difficult with Ipchains...

I will thing to migrate to iptables..

many thanks for your help

Cheers, Michel
  • Page:
  • 1
Time to create page: 0.104 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup