Re: Firewall...
Hello once again!
On Tue, May 18, 1999 at 09:24:45AM +0000, Graham Lillico +44 1785 782329 wrote:
> Hi again, and Thanks for all the replys.
>
> Well this firewall is to sit between the internet and my network,
> using a dialup connection for the time being but this will be
> upgraded to a permanent connection in the near future. I am looking
> at using ipchains to do the packet filtering and the internal network
> is only going to need email and maybe web access.
Do you mean the firewall box only to act as a www, mail forwarder or will
you be using it as mailserver as well? In that case, a decent mail transport system
would be helpful :)
You can also set the box up to act as a www caching proxy (it speeds web
access quite a lot in some specific situations, like: most of the users
browse mostly the same web pages and you have a _decent_ amount of RAM at
the firewall box - probably 64 MEGs would be enough for a small server)
Also having a nameserver set up locally is nice - you can set up names for
your internal network and have it act as a dns forwarder/cache - and it does
some boost if the client hosts are set up properly)
Generally... your box seems more and more similar to my server at school :)
> I have read the HOWTOs and other docs and I have decided that the best
> solution to my situation will be a deny everything firewall and then just
> explicity allow the services I require (i.e. smtp, www, etc).
if it is not a gigantic (for me gigantic is more than some 100 hosts) local
network then even more secure way may be having a masquerading host - in
which case the clients on the local network are totally invislible directly
to the outer world, but they may normally connect to the outer world.
--
---------------------------------------------------
Marcin Owsiany
porridge@lo4.ids.bielsko.pl
---------------------------------------------------
Reply to: