Deploying Suse Linux Enterprise Server
| Purchase "Deploying Suse Linux Enterprise Server" at Lulu.com |
Configuring the Firewall
- Firewall Yast Module
- Masquerading and Port Forwarding
- Utilizing a Proxy Server
- Internet Filtering and Reporting
Masquerading and Port Forwarding
Another popular role for GNU/Linux servers is to "share" the server's Internet connection with the rest of your network, that is, to configure it as a router. To do this, ensure that you configure "zones" for all of your network interfaces. Usually you will have one "External Zone" for the interface that is your Internet connection and one "Internal Zone" for your local network (and possibly a "Demilitarized Zone" for other servers).
To "share" the Internet connection (External Zone interface) with your network (Internal Zone interface), simply go to the "Masquerading" section of the Yast Firewall module and check the "Masquerade Networks" box. This will allow you to configure your network clients to utilize your server as a "Gateway" to the Internet. Not only will this allow your clients to access the Internet through your server, but it also gives you an added security layer for your workstations since they will not be "directly" connected to the Internet.
Configuring Network Masquerading and Adding a Port Forwarding Rule
Even though masquerading gives you the benefit of providing a layer between the Internet and your network clients, sometimes you may wish to allow certain services located on one of your workstations or another server to directly communicate over the Internet. To enable this, you "Forward" a port on your firewall computer to the appropriate network client.
So, let's say you have a web server on your network that you want Internet clients to be able to access. Go to the "Masquerading" section of the Yast Firewall module and "Add" a "Redirect Request to Masquerading IP". This will open a dialog box that will allow you to specify a port that will be "Forwarded" to another address on your network. In this case the "Requested Port" will be "80" and the "Redirect to Masqueraded IP" will be the address of the web server within the local network.
You should be aware that the "Requested Port" and the "Redirect to Port" do not have to be the same. This lets you provide remote access to the SSH ports of your other servers by simply forwarding a random port on your Firewall to the SSH port (22) on a client workstation/server.
Also note that any port that you "Forward" to another computer on your network does not have to be "open" first (included in the "Allowed Services" portion of the Yast Firewall module). Yast will automatically open the port to allow it to be forwarded.
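Because forwarded ports are opened automatically and do not appear under "Allowed Services", the NAT table is where to review what the gateway actually exposes. The script below is an added example, not from the book: it assumes the firewall is iptables-based and that `iptables-save` is available, and the function names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: list DNAT port forwards found in `iptables-save -t nat` output.

# Constructed sample input; interface, addresses and ports are illustrative.
sample_nat_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.20:22
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Reads rules on stdin; prints "proto requested_port internal_ip internal_port [notes]".
list_forwards() {
  awk '
    $1 == "-A" {
      proto = ""; dport = ""; dest = ""; target = ""
      for (i = 2; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "--to-destination") dest = $(i + 1)
      }
      if (target != "DNAT" || dest == "") next
      n = split(dest, parts, ":")
      # Without a port in --to-destination the requested port is kept.
      port = (n > 1) ? parts[2] : dport
      note = (port != dport) ? "port-remapped" : ""
      # Flag forwards that land on SSH, whatever the outside port is.
      if (port == "22") note = (note == "" ? "" : note ",") "ssh-exposed"
      line = proto " " dport " " parts[1] " " port
      if (note != "") line = line " " note
      print line
    }'
}

# Demo on the constructed sample.
sample_nat_rules | list_forwards
```

On the gateway itself, run `iptables-save -t nat | list_forwards` as root to audit the live rules.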