Re: Firewall Planning

To: debian-firewall@lists.debian.org
Cc:
Subject: Re: Firewall Planning
From: Blars Blarson <blarson@blars.org>
Date: Tue, 21 Oct 2003 17:07:21 -0700
Message-id: <[🔎] 200310220007.h9M07LOB005709@renig.nat.blars.org>
In-reply-to: <[🔎] 1066752252.11508.77.camel@dos>

In article <[🔎] 1066752252.11508.77.camel@dos> red@gato.net writes:
>I have 5 static ips
>Im using a p400 with two nics (deb woody)

>Goals:
>I want to do Packet Filtering and logging for the DMZ and the
>workstations:

See http://www.blars.org/sapaf.html for one way of putting your dmz
hosts behind the firewall without needing a separate subnet (with
differnt IPs) for them.

>Questions:
>1) Do I need three Nics on the Firewall , one for the DMZ?

It's a good idea, but not strictly needed.  You don't need the hub
when doing this.  (Use crossover cables.)

>3) If the WAN interface in the router is a 64.1.1.x and the LAN
>interface is a 2.x.x.x/24 will i be able to route the 1.1.1.x/24 and DMZ
>host through the FW?

Sure, just to NAT on one segment.

>4) I want to use Iptables because I heard they are more advanced than
>ipchains is this true?

Yup.

-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
With Microsoft, failure is not an option.  It is a standard feature.

Reply to:

References:
- Firewall Planning
  - From: red <red@gato.net>

Prev by Date: Re: Firewall Planning
Next by Date: public wifi (was: Re: Firewall Planning)
Previous by thread: Re: Firewall Planning
Next by thread: AW: Firewall Planning
Index(es):
- Date
- Thread