Security Basics mailing list archives
RE: firewall setup
From: Ognen Duzlevski <maketo () sdf lonestar org>
Date: Wed, 7 Jul 2004 16:57:41 +0000 (UTC)
Thank you all who replied to my question. I understand the issues much better now.
Ognen

On Wed, 7 Jul 2004, David Gillett wrote:

Date: Wed, 7 Jul 2004 09:43:51 -0700
From: David Gillett <gillettdavid () fhda edu>
To: 'Ognen Duzlevski' <maketo () sdf lonestar org>, 'securityfocus' <security-basics () securityfocus com>
Subject: RE: firewall setup

Yes, sort of, although that's only one way to do it. You would have the firewall performing NAT (Network Address Translation) between public and private addresses. For each of these servers, you'd put in a static NAT rule mapping the server's public IP address to a new private address where the server actually resides.

Another common alternative is to install the firewall as a router or bridge (only a few firewall products can act as bridges, but this often simplifies introduction of the new firewall to an existing network) between the servers (perhaps the entire campus network) and the rest of the world. With any luck, the servers may be able to keep their current addresses.

In order to use the firewall's address as you describe, there are a couple of additional issues:

1. The "firewall" may be acting as a "reverse proxy". Microsoft's ISA server can do this, and it's actually a pretty good approach to take.

2. The firewall may be doing "port forwarding". This is really a SOHO-type feature, popular with sites who only have one public address. It pretty much requires that any particular service (web, email, etc) only be hosted by one server because the firewall has no way to know which box a given URL should refer to.

David Gillett (at a big .edu)

-----Original Message-----
From: Ognen Duzlevski [mailto:maketo () sdf lonestar org]
Sent: Wednesday, July 07, 2004 7:33 AM
To: securityfocus
Subject: firewall setup

Hi,

I have a basic question: we have several boxes with unique public IP addresses which are part of a big .edu namespace. I would like to put these machines behind one single firewall and still keep their names.

Is it possible to have all names point to the firewall machine and then have the firewall direct the specific request to a specific box behind it? So, if F is firewall.x.edu and I have A.x.edu, B.x.edu and C.x.edu I want to have A, B and C behind F. A, B and C should now point to F and F will direct all outside requests to A, B or C based on the name.

Thanks,
Ognen
--
Ognen Duzlevski
Digital Biology Laboratory
302 North Engineering Building
University of Missouri-Columbia
(573) 882-5978
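Added example, not part of the original messages: a sketch of the difference between the two options in the quoted reply, showing why port forwarding can only send a port to one box while a reverse proxy can pick A, B or C from the HTTP Host header. The private addresses, the table names and the function names are assumptions made for this illustration; the hostnames are the ones used in the thread.

```python
from typing import Optional, Tuple

Backend = Tuple[str, int]
# Constructed values: names from the thread, private addresses invented here.
BACKENDS = {"a.x.edu": ("10.0.0.11", 80), "b.x.edu": ("10.0.0.12", 80),
            "c.x.edu": ("10.0.0.13", 80)}
PORT_FORWARDS = {80: ("10.0.0.11", 80)}  # one listener port -> exactly one box


def port_forward(dst_port: int) -> Optional[Backend]:
    """Port forwarding sees only the destination port, never the name."""
    return PORT_FORWARDS.get(dst_port)


def parse_host(raw: bytes) -> Optional[str]:
    """Return the normalised Host header, or None if it is unusable."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    hosts = []
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            hosts.append(value.strip())
    if len(hosts) != 1:                           # missing or duplicated Host
        return None
    try:
        host = hosts[0].decode("ascii").lower()
    except UnicodeDecodeError:
        return None
    name, sep, port = host.rpartition(":")        # drop an optional :port
    if sep:
        if not port.isdigit():
            return None
        host = name
    return host.rstrip(".") or None


def reverse_proxy_route(raw: bytes) -> Optional[Backend]:
    """Route by name; anything not in the table is refused (default deny)."""
    host = parse_host(raw)
    return BACKENDS.get(host) if host else None


if __name__ == "__main__":
    for h in (b"A.x.edu", b"b.x.edu:80", b"unknown.x.edu"):
        req = b"GET / HTTP/1.1\r\nHost: " + h + b"\r\n\r\n"
        print(h.decode(), port_forward(80), reverse_proxy_route(req))
```

The sketch handles plain hostnames only; IPv6 literals in the Host header are rejected by the port check.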