Firewall Wizards mailing list archives

Re: Router with firewall suggestion


From: "Paul D. Robertson" <proberts () patriot net>
Date: Sun, 15 Dec 2002 09:46:55 -0500 (EST)

On Mon, 2 Dec 2002, Steve Bostedor wrote:
[Moderator's note: I'm not going to approve "My favorite firewall" 
messages to the list- send them directly if you must.]


We have a small block of external IP addresses being routed to us from
our broadband ISP.  They do not allow us to set the access-lists on
their edge router, so we need to put something on our side that will
filter traffic and act as a firewall for those addresses.  Layer 3
switches look real expensive.  Any recommendations?

1.  Add your own router behind the ISP's router and have them adjust their 
routing tables accordingly (possibly you could add a router without any 
adjustment with an unnumbered interface.)

2. Add a bridge mode packet filter.  There are free ones and commercial 
ones.  

3. Put in a small firewall and NAT the "public" addresses (preferably off 
to a service network on a 3rd interface) and proxy ARP for the outside 
addresses.  You can either go with a free *nix solution, or one of a 
multitude of commercial offerings, almost all of which probably live in 
the Firewall Buyer's Guide at http://www.icsalabs.com/ (exact location 
left as an exercise for the reader.)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
