Re: Hardware configuration

To: <debian-firewall@lists.debian.org>
Subject: Re: Hardware configuration
From: "istene" <ist3n3@tiscali.it>
Date: Wed, 24 Apr 2002 07:28:17 +0200
Message-id: <[🔎] 008d01c1eb50$d8f488a0$3600000a@iriss.it>
References: <[🔎] Pine.LNX.4.10.10204241029270.881-100000@flipflop.ieee.uow.edu.au>

Hi,
    I use multiple firewalls because i need to divide offices and directions
from labs and from classrooms. I prefer using multiple firewalls, so i have
not a single point of failure for all clients, and firewall' configuration
would be easier.

This is the configuration i'm planning to use:

I will have 3 subnets:
LIS1 (4 labs) about 60 clients, will be behind a gibraltar firewall (FW1)
LIS2 (classrooms and library) about 100 clients, will be behind a gibraltar
firewall (FW2)
LIS3 (direction and offices) about 20 clients will be behind gibraltar
firewall (FW3)

Each firewall will have 3 NIC, one to the cisco routers that provide one or
more ADSL connection to the Internet, one to the LIS it protects, and one to
the other
firewalls

               cisco1      cisco2
                   |               |
LIS1----- FW1----FW2----LIS2
                          |
        LIS3---- FW3
                          |
                     cisco3


I need NATting because we have only 18 static ip for more than 100 clients,
so i suppose that RAM amount should be more than 128 Mb for LIS1 and LIS2.
I'd like to know opinion on this configuration.
Best regards, and thanks for your help.
Gianstefano Monni


----- Original Message -----
From: "Matthew Palmer" <mjp16@ieee.uow.edu.au>
To: "istene" <ist3n3@tiscali.it>
Cc: <firewalls@lists.gnac.net>; <debian-firewall@lists.debian.org>
Sent: Wednesday, April 24, 2002 2:31 AM
Subject: Re: Hardware configuration


> On Tue, 23 Apr 2002, istene wrote:
>
> >     I need to setup security for a net of 130 clients. I will use
Gibraltar
> > and have, a debian-based distro and i plan to configure 2 or 3
firewalls.
>
> Why the multiple firewalls?  If you've got multiple links, you're better
off
> channel bonding or something else to tidy it up, otherwise doing routing
> tables internally is going to be a stone drag.
>
> > Does any1 have experience of using linux-based firewalls with so many
> > clients (i will use NAT and have 13 static ips) ? If yes, how's the
hardware
>
> Hardware shouldn't be an issue.  Any PCI-based system with decent
100BaseTX
> cards (avoid anything RTL-8139, the buffers aren't big enough - I like
3Com
> 3c59x or EE100) should be able to handle full-rate transfers.  The
> bottleneck is going to be in your external connection.
>
>
> --
> -----------------------------------------------------------------------
> #include <disclaimer.h>
> Matthew Palmer
> mjp16@ieee.uow.edu.au
>


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- unsubscribe
  - From: "Matthew Lambie" <mlambie@pacc.com.au>

References:
- Re: Hardware configuration
  - From: Matthew Palmer <mjp16@ieee.uow.edu.au>

Prev by Date: Re: Hardware configuration
Next by Date: unsubscribe
Previous by thread: Re: Hardware configuration
Next by thread: unsubscribe
Index(es):
- Date
- Thread