Firewall Wizards mailing list archives

Re: Questions about firewall


From: "Yin To Chu" <ytchu () ozemail com au>
Date: Tue, 20 Jul 1999 11:20:47 +1000

Of course, you need a third NIC for a DMZ. People would prefer a DMZ for this
purpose.

Why not use ipchains in Red Hat 6.0? Or
ipfilter for Linux at http://www4.dgtu.donetsk.ua:8103/pub/Linux/IPFilter/
or
ipfirewall for Linux at http://www.ipfirewall.com/ipfirewall.html or
Juniper Proxy Firewall Toolkit at http://www.obtuse.com/juniper/

You may also need this tool to set up the filter list efficiently
http://www.cyber.com.au/users/darrenr/flc.html

Alternatively, you may want to try the commercial-strength
Phoenix Adaptive Firewall at
http://www.progressive-systems.com/products/phoenix/ which is said to be
a multilayer stateful firewall, or
Juniper Proxy Firewall Toolkit at http://www.obtuse.com/juniper/


Squid is generally used for Internet cache / proxy in the Linux/Unix world. Do
you have other good choices for Linux? Or just useful boxes like Cobalt
Network Cube / RaQ II, etc.

Yt
----

----- Original Message -----
From: <fgb () domain com br>
To: <firewall-wizards () nfr net>
Cc: <fgb () domain com br>
Sent: Tuesday, July 20, 1999 5:45 AM
Subject: Questions about firewall


I'm a beginner in firewall technologies, and I have several questions, so
I hope the wizard will be able to help me a lot. ;-)

I'm using Linux Red Hat 5.2 (Kernel 2.0.36) with two NICs, one on the
Internet (connected to an ISP connection through a router) and another in the
protected network. I have a small range of valid addresses and I'll have a mail
and a web server. My first question is: Do I need to have a third NIC in my
firewall machine and a little network (DMZ) where I will connect my mail and
web server, or can I perform NAT on the Linux machine and make my servers,
that are in the protected network, visible on the Internet? In case of the
second option, how can I implement the NAT?

Since I'll be using Red Hat 5.2 (kernel 2.0.36), I should use ipfwadm, is
that correct?

Can I have IP filters so that I can control access of certain protocols
and ports?

I also want to use a proxy/cache server. Is squid a good choice?

For these characteristics I intend to have in my firewall, what services
may I compile in the kernel and what modules should I install?

Any ideas, tips, pointers, etc., would be much appreciated.

Thanks,

Fabio.
fgb () domain com br




