
    Firewall Configuration with new change

    • Lakshmana

      I was given CentOS 6.5 Minimal desktop in a VM with a hard disk of 10 GB and 512 MB RAM. I have given the VM 3 NIC cards. Then, I have a WAN network of 192.168.50.0/24. The WAN IP can be 192.168.50.1/24. There is a firewall with another IP, 192.168.200.1/24 (gateway). The machine with CentOS 6.5 installed should have an IP of 192.168.200.40/24. I need to configure a basic firewall, and the SSH port should be open. My block diagram is given below. Please verify this block. How do I set up this basic firewall in iptables?

      Firewall.png

      • A Former User @Lakshmana

        All of those addresses are RFC 1918; none are a public WAN.

        • Lakshmana @A Former User

          @thecreativeone91 said:

          c 1918 none are a Public WAN.

          Yes, it is for testing purposes only. So these IPs are provided.

          • A Former User @Lakshmana

            @Lakshmana said:

            @thecreativeone91 said:

            c 1918 none are a Public WAN.

            Yes, it is for testing purposes only. So these IPs are provided.

            It sounds like you need a router maybe? I'm not sure what the three NICs would be for with a server.

            • Lakshmana @A Former User

              @thecreativeone91 said:

              r maybe? I'm not sure what the three nic's would be for with a serve

              The WAN should be able to access LAN with the presence of Firewall

              • A Former User @Lakshmana

                @Lakshmana said:

                @thecreativeone91 said:

                r maybe? I'm not sure what the three nic's would be for with a serve

                The WAN should be able to access LAN with the presence of Firewall

                A firewall and router are two different things. Even though a router may contain a firewall. You need something to route between the networks. Opening the firewall won't do any good on its own.

                • scottalanmiller @Lakshmana

                  @Lakshmana as we've stated before, there is no need for a diagram like that. That's just what a "firewall" is. It's not telling us anything that the word firewall doesn't already imply.

                  • scottalanmiller @Lakshmana

                    @Lakshmana said:

                    @thecreativeone91 said:

                    c 1918 none are a Public WAN.

                    Yes, it is for testing purposes only. So these IPs are provided.

                    Ah, okay. So you are "faking" the WAN side. That's fine. Good way to test.

                    • scottalanmiller @A Former User

                      @thecreativeone91 said:

                      It sounds like you need a router maybe? I'm not sure what the three NICs would be for with a server.

                      My understanding here, and I could easily be wrong, is that the CentOS VM in question IS the router / firewall.

                      • Lakshmana @scottalanmiller

                        @scottalanmiller said:

                        IS the router / firewall.

                        I can't understand, Scott.

                        • scottalanmiller @A Former User

                          @thecreativeone91 said:

                          A firewall and router are two different things. Even though a router may contain a firewall. You need something to route between the networks. Opening the firewall won't do any good on its own.

                          He is correct. You cannot talk about the firewall function until you have built either a router or a bridge on the CentOS VM. It has to be one or the other first. Then you can implement a firewall on top of that.

                          • scottalanmiller @Lakshmana

                            @Lakshmana said:

                            @scottalanmiller said:

                            IS the router / firewall.

                            I can't understand, Scott.

                            To connect a WAN to a LAN there must be a router. There is no exception to this, it is a physical necessity of connecting two networks. In this case, it sounds like you want this CentOS server to be the thing that connects those two networks, is that correct?

                            • thanksajdotcom @Lakshmana

                              @Lakshmana said:

                              @thecreativeone91 said:

                              c 1918 none are a Public WAN.

                              Yes, it is for testing purposes only. So these IPs are provided.

                              Ok, is the purpose of the firewall supposed to be for setting up a site-to-site VPN? That's what it sounds like to me.

                              • A Former User @thanksajdotcom

                                @thanksajdotcom said:

                                @Lakshmana said:

                                @thecreativeone91 said:

                                c 1918 none are a Public WAN.

                                Yes, it is for testing purposes only. So these IPs are provided.

                                Ok, is the purpose of the firewall supposed to be for setting up a site-to-site VPN? That's what it sounds like to me.

                                I don't see anything about a VPN. Looks like a standard test environment. Just going about it the wrong way.

                                • thanksajdotcom

                                  Also, you've managed to give us the technical goal of what you're trying to accomplish, but you still haven't told us what the purpose of this firewall is. Is it to filter traffic, connect to another site as a VPN tunnel, act as a router, what? It may be several of those or none of those. But you haven't told us what you're trying to accomplish. WHY, from a business perspective, are you setting up this firewall?

                                  • A Former User

                                    You'd be better off setting up pfSense as the one with the WAN NIC, then using VM internal NICs for your servers on the LAN of pfSense off of that.

                                    • scottalanmiller @thanksajdotcom

                                      @thanksajdotcom said:

                                      Ok, is the purpose of the firewall supposed to be for setting up a site-to-site VPN? That's what it sounds like to me.

                                      Oh this is going to get confusing very quickly. I don't see anything that suggests this. What part of his description made you feel that he wanted this?

                                      • Lakshmana @thanksajdotcom

                                        @thanksajdotcom This firewall is just to access the LAN from WAN to connect SSH ports

                                        • scottalanmiller

                                          Also, this is relatively complicated, because of technical reasons I'm not going to go into to save on confusion, but you cannot "open" a port on a firewall like this. You have to "port forward". So you have to know the IP Address to which you want Port 22 (SSH) to be forwarded. Only one machine on the LAN can have SSH accessed from the WAN.

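The port forward described in the post above, as an added example that is not part of the original thread: a shell function that prints an iptables rule set for a CentOS 6 VM acting as router, forwarding WAN port 22 to a single LAN host while dropping everything else by default. The interface names (eth0 for WAN, eth1 for LAN), the use of 192.168.200.40 as the SSH target, the LAN-only management SSH rule and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: CentOS 6 router/firewall forwarding WAN SSH to ONE LAN host.
# Assumptions (not from the thread): eth0 faces the WAN, eth1 faces the LAN,
# and the SSH target is 192.168.200.40. Routing must be enabled as well:
#   sysctl -w net.ipv4.ip_forward=1

valid_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

valid_ifname() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# Print an iptables-restore rule set (the /etc/sysconfig/iptables format).
gen_ruleset() {
    wan_if=$1 lan_if=$2 ssh_host=$3
    valid_ifname "$wan_if" && valid_ifname "$lan_if" && valid_ipv4 "$ssh_host" || {
        echo "gen_ruleset: bad interface or address" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $wan_if -p tcp --dport 22 -j DNAT --to-destination $ssh_host:22
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Assumed: management SSH to the firewall itself is allowed from the LAN only.
-A INPUT -i $lan_if -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -p tcp -d $ssh_host --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Review the output, then load it as root:
#   gen_ruleset eth0 eth1 192.168.200.40 | iptables-restore
```

Because the DNAT rule rewrites every WAN connection to port 22, SSH arriving on the WAN side never reaches the firewall's own sshd; it is handled by the FORWARD chain and delivered to the one LAN host.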
                                          • thanksajdotcom @Lakshmana

                                            @Lakshmana said:

                                            @thanksajdotcom This firewall is just to access the LAN from WAN to connect SSH ports

                                            @scottalanmiller said:

                                            @thanksajdotcom said:

                                            Ok, is the purpose of the firewall supposed to be for setting up a site-to-site VPN? That's what it sounds like to me.

                                            Oh this is going to get confusing very quickly. I don't see anything that suggests this. What part of his description made you feel that he wanted this?

                                            His diagram. It looks like he's trying to connect to other workstations.
