Firewall Wizards mailing list archives
Re: Questions about firewall
From: Riccardo Fontana <rfontana () seclab com>
Date: Tue, 20 Jul 1999 09:59:23 +0200
fgb () domain com br wrote:
> I'm a beginner in firewall technologies, and I have several questions, so I hope the wizard will be able to help me a lot. ;-)
>
> I'm using Linux Red Hat 5.2 (Kernel 2.0.36) with two NICs, one in the Internet (connected to an ISP connection through a router) and another in the protected network. I have a little range of valid addresses and I'll have a mail and a web server.
>
> My first question is: Do I need to have a third NIC in my firewall machine and a little network (DMZ) where I will connect my mail and web server, or can I perform a NAT on the Linux machine and make my servers, that are in the protected network, visible on the Internet? In case of the second option, how can I implement the NAT?
>
> Since I'll be using Red Hat 5.2 (kernel 2.0.36), I should use ipfwadm, is that correct? Can I have IP filters so that I can control access of certain protocols and ports?
>
> I also want to use a proxy/cache server. Is squid a good choice?
>
> For these characteristics I pretend to have in my firewall, what services may I compile in the kernel and what modules should I install?
>
> Any ideas, tips, pointers, etc., would be much appreciated.
>
> Thanks,
> Fabio.
> fgb () domain com br
Hi Fabio,

I'll give you some personal opinions for securing this situation. (I usually work with commercial firewalls like Checkpoint and Axent, but I think that these guidelines are good for every kind of firewall.)

It's always a good choice to put the public services on a DMZ on a third network adapter. If you have problems using NAT you can always subnet your valid IP range (if your provider permits this option) and use one subnet on your DMZ network for your Web and Mail servers.

If you don't like this combination you can always create a DMZ with private addressing (following the IANA recommendations) and export the servers to the Internet via a static NAT (a one-to-one translation).

--
Riccardo Fontana
Intesis SECURITY LAB
Via Settembrini, 35
I-20124 Milano ITALY
Phone: +39-2-671563.1
Fax: +39-2-66981953
Email: rfontana () seclab com
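The two addressing options from the reply above, worked through as an added example that is not part of the original message: subnetting the valid range so one subnet serves the DMZ, and a private DMZ published through one-to-one static NAT. The 203.0.113.0/28 range, the 192.168.10.0/24 DMZ, the server names and the number of reserved addresses are constructed assumptions.

```python
import ipaddress

# Private ranges from RFC 1918 (assumed to be what "IANA recommendations" refers to).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_for_dmz(public_block, new_prefix):
    """Subnet the ISP-assigned range: first subnet stays outside, last is the DMZ."""
    subnets = list(ipaddress.ip_network(public_block).subnets(new_prefix=new_prefix))
    if len(subnets) < 2:
        raise ValueError("range too small to split")
    outside, dmz = subnets[0], subnets[-1]
    hosts = list(dmz.hosts())
    # First usable DMZ address goes to the firewall's third NIC, the rest to servers.
    return {"outside": str(outside), "dmz": str(dmz),
            "fw_dmz_ip": str(hosts[0]),
            "server_ips": [str(h) for h in hosts[1:]]}

def static_nat_table(public_block, dmz_block, servers, reserved=2):
    """Private DMZ: give each server its own public address (one-to-one)."""
    dmz = ipaddress.ip_network(dmz_block)
    if not any(dmz.subnet_of(p) for p in RFC1918):
        raise ValueError(f"{dmz} is not RFC 1918 private space")
    # Skip public addresses already used on the outside segment
    # (assumed here: the ISP router and the firewall's external NIC).
    public = list(ipaddress.ip_network(public_block).hosts())[reserved:]
    private = list(dmz.hosts())[1:]  # first DMZ host is the firewall interface
    if len(servers) > min(len(public), len(private)):
        raise ValueError("not enough addresses for a one-to-one mapping")
    return {name: (str(pub), str(priv))
            for name, pub, priv in zip(servers, public, private)}

if __name__ == "__main__":
    # Constructed sample input: a documentation-range /28 and two servers.
    print(split_for_dmz("203.0.113.0/28", 29))
    table = static_nat_table("203.0.113.0/28", "192.168.10.0/24", ["web", "mail"])
    for name, (pub, priv) in table.items():
        print(f"{name}: {pub} <-> {priv}")
```

Splitting the range halves the addresses available on each side, while the static NAT variant keeps the whole valid range on the outside segment and spends one public address per published server.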