Firewall Wizards mailing list archives

Re: Router with firewall suggestion


From: "CTA" <cta () hcsin net>
Date: Sun, 15 Dec 2002 10:56:38 -0500




On 2 Dec 2002, at 15:03, Steve Bostedor wrote:

From:       "Steve Bostedor" <Steveb () tshore com>
To:         <firewall-wizards () honor icsalabs com>
Subject:    [fw-wiz] Router with firewall suggestion
Date sent:  Mon, 2 Dec 2002 15:03:26 -0500


> We have a small block of external IP addresses being routed to us
> from our broadband ISP.  They do not allow us to set the
> access-lists on their edge router, so we need to put something on
> our side that will filter traffic and act as a firewall for those
> addresses.  Layer 3 switches look real expensive.  Any
> recommendations?
>
> Thanks!
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () honor icsalabs com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Get BSDi and a Pentium II/III class machine with two NICs,
512M RAM, and build a Bastion Host. (Cost < $3k)  You can
do with FreeBSD or OpenBSD, but not LINUX. Sorry but
LINUX’s implementation of packet filtering is way too
venerable. If you are really into hacking a STRONG Bastion,
try building a BPF based filter. If you don’t know what BPF is
then move on…

One interface to your router/Open-DMZ and the other to your
Private or Managed DMZ

Run IPFW on both interfaces to filter IN only that traffic which
you need.

Set up standard IP and SMURF filters on the router. NIX FW
on your Gateway Routers!

IMHO
