
Re: Hardware configuration

I use multiple firewalls because I need to divide offices and directions
from labs and from classrooms. I prefer using multiple firewalls, so I do
not have a single point of failure for all clients, and the firewall
configuration would be easier.

This is the configuration I'm planning to use:

I will have 3 subnets:
LIS1 (4 labs) about 60 clients, will be behind a Gibraltar firewall (FW1)
LIS2 (classrooms and library) about 100 clients, will be behind a Gibraltar
firewall (FW2)
LIS3 (direction and offices) about 20 clients, will be behind a Gibraltar
firewall (FW3)

Each firewall will have 3 NICs, one to the Cisco routers that provide one or
more ADSL connections to the Internet, one to the LIS it protects, and one to
the other

               cisco1      cisco2
                   |               |
LIS1----- FW1----FW2----LIS2
        LIS3---- FW3

I need NAT because we have only 18 static IPs for more than 100 clients,
so I suppose that the amount of RAM should be more than 128 Mb for LIS1 and LIS2.
I'd like to know opinions on this configuration.
Best regards, and thanks for your help.
Gianstefano Monni

----- Original Message -----
From: "Matthew Palmer" <mjp16@ieee.uow.edu.au>
To: "istene" <ist3n3@tiscali.it>
Cc: <firewalls@lists.gnac.net>; <debian-firewall@lists.debian.org>
Sent: Wednesday, April 24, 2002 2:31 AM
Subject: Re: Hardware configuration

> On Tue, 23 Apr 2002, istene wrote:
> >     I need to set up security for a net of 130 clients. I will use
> > and have, a Debian-based distro and I plan to configure 2 or 3
> Why the multiple firewalls?  If you've got multiple links, you're better
> channel bonding or something else to tidy it up, otherwise doing routing
> tables internally is going to be a stone drag.
> > Does anyone have experience of using Linux-based firewalls with so many
> > clients (I will use NAT and have 13 static IPs)? If yes, how's the
> Hardware shouldn't be an issue.  Any PCI-based system with decent
> cards (avoid anything RTL-8139, the buffers aren't big enough - I like
> 3c59x or EE100) should be able to handle full-rate transfers.  The
> bottleneck is going to be in your external connection.
> --
> -----------------------------------------------------------------------
> #include <disclaimer.h>
> Matthew Palmer
> mjp16@ieee.uow.edu.au
