Firewall in an internet-caffe

To: Debian-Firewall <debian-firewall@lists.debian.org>
Subject: Firewall in an internet-caffe
From: IronHand <ironhand@go2.pl>
Date: Sat, 26 May 2001 20:39:45 +0200
Message-id: <[🔎] 1898419482.20010526203945@go2.pl>
Reply-to: IronHand <ironhand@go2.pl>

Hello!

I have a little problem here. After reading of 'Security: port-fw vs.
ip-aliasing' I started to think about network structure in InetCaffe I'm
going to take care of.

There is a young and lazy administrator now, and everything he does is
sitting on IRC and taking over channels. So what I need is to change
network geometry competly. There is no firewall now (!) so I need to
make one. I'll be using Potato. I can use two computers, and I need to
divide virtual ftp/mail/www servers, dns server and firewall between
them. I was thinking of:

<INTERNET> ---- |FIREWALL + DNS| ---- |FTP/MAIL/WWW|
                       |
                       |
       (COMPUTERS with WINDOWS in CAFFE)

Is this a good choice? I have 32 IP's, so I'm going to use x.x.x.1 for
FIREWALL & DNS, x.x.x.2 for FTP/MAIL/WWW, and x.x.x.3- for Win's.

So for windows x.x.x.1 is DNS server and Gateway, am I right? Is it
enough to ACCEPT some connections from/to computer to/form internet via
ipchains and DENY others? Maybe You know there's a better net structure
for this situation. Oh! My boss want's to sell Shell accounts also.
Where do You think I should placate them: on firewall or behind it?


Best regards
IronHand
-- 
nIck: IronHand of CruX     /GCS d-(++) s:- a18 C++ UL++++ P+++ L++@ E\
maIl:                     { W+++ N+ o? K? w+++ !O M V? PS+ PE- Y PGP- }
ironhand@zsno.ids.czest.pl \t+ 5+ X- R++ tv b+ DI? D+ G++ e- h! r% y-/

Reply to:

Prev by Date: Re: Broadcast ping
Next by Date: Re: Multiple DSLs, and switching incoming route upon failure?
Previous by thread: Re: Broadcast ping
Next by thread: Re: Firewall in an internet-caffe
Index(es):
- Date
- Thread