Re: Firewall Public IP's?


On Thu, Apr 11, 2002 at 08:34:07AM -0700, Mike Egglestone wrote:
> Is it possible to add a Debian box in here somewhere,
> to be the Firewall and still protect those public IP's?

I think it's time for some theoretical TCP/IP. You have basically
two options. The Debian box can act as a router, or as a bridge. 

If it is acting as a router, it needs different IP networks on each
of its interfaces. So what comes to mind is splitting your /24
network so that you have a subnet for the Cisco/Debian network, and
another one for the Office. But, this would leave at most 126
addresses for the office, so this is impractical. 
You could also give the Debian box three network interfaces and put
the servers into their own subnet as a dmz (de-militarized zone).

If it's a filtering bridge, you can look at it as an intelligent
hub, blocking things that aren't welcome. Then you could plug it in
between the Cisco and your network, and it would transparently
filter. For this, you would need arp-proxy. But I have no experience
with bridging under Linux so I would suggest further reading in that
Google is your friend ;-)

Ciao, Arne.
GPG 1024D/913C2F81 2000-10-11 Arne P. Boettger <apb@createx.de>   /\\
Fingerprint = 6ED9 9A64 CD8A EB6F D841  0391 2F08 8F86 913C 2F81 _\_V
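
The subnet arithmetic behind the router option in the message above, as an added example that is not part of the original post. It goes a little further than the two-subnet case by also planning the three-interface DMZ layout; the 192.0.2.0/24 block, the segment names and the host counts are constructed assumptions.

```python
import ipaddress

def usable_hosts(net):
    """Host addresses left after the network and broadcast addresses."""
    return net.num_addresses - 2

def plan_subnets(block, needs):
    """Carve `block` into one subnet per segment, largest segment first.

    needs maps a segment name to the host addresses it requires.
    Returns {name: IPv4Network}; raises ValueError when something does not fit.
    """
    free = [ipaddress.ip_network(block)]   # pieces not yet handed out
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        # Smallest power-of-two block holding hosts + network + broadcast.
        prefix = 32 - (hosts + 1).bit_length()
        fits = [n for n in free if n.prefixlen <= prefix]
        if not fits:
            raise ValueError(f"no room for {name} ({hosts} hosts) in {block}")
        # Take the smallest free piece that fits, lowest address on ties.
        piece = max(fits, key=lambda n: (n.prefixlen, -int(n.network_address)))
        subnet = next(piece.subnets(new_prefix=prefix))
        free.remove(piece)
        free.extend(piece.address_exclude(subnet))  # return the remainder
        plan[name] = subnet
    return plan

if __name__ == "__main__":
    BLOCK = "192.0.2.0/24"  # constructed: documentation range, not the poster's
    layouts = {
        "router, two subnets": {"cisco-link": 2, "office": 126},
        "router, three interfaces": {"cisco-link": 2, "dmz": 14, "office": 126},
        "office needs 127": {"cisco-link": 2, "office": 127},
    }
    for label, needs in layouts.items():
        print(label)
        try:
            for name, net in plan_subnets(BLOCK, needs).items():
                print(f"  {name:<10} {net}  ({usable_hosts(net)} usable)")
        except ValueError as err:
            print(f"  does not fit: {err}")
```

Each subnet in a plan becomes one interface network on the routing firewall, so the filter rules between office, DMZ and the Cisco link can be written per subnet.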

