
Re: Firewall Planning



In article <1066752252.11508.77.camel@dos> red@gato.net writes:
>I have 5 static ips
>I'm using a p400 with two nics (deb woody)

>Goals:
>I want to do Packet Filtering and logging for the DMZ and the
>workstations:

See http://www.blars.org/sapaf.html for one way of putting your dmz
hosts behind the firewall without needing a separate subnet (with
different IPs) for them.

>Questions:
>1) Do I need three Nics on the Firewall, one for the DMZ?

It's a good idea, but not strictly needed.  You don't need the hub
when doing this.  (Use crossover cables.)

>3) If the WAN interface in the router is a 64.1.1.x and the LAN
>interface is a 2.x.x.x/24 will I be able to route the 1.1.1.x/24 and DMZ
>host through the FW?

Sure, just do NAT on one segment.

>4) I want to use Iptables because I heard they are more advanced than
>ipchains is this true?

Yup.

-- 
Blars Blarson			blarson@blars.org
				http://www.blars.org/blars.html
With Microsoft, failure is not an option.  It is a standard feature.


