Re: Firewall Planning
In article <[🔎] 1066752252.11508.77.camel@dos> red@gato.net writes:
>I have 5 static ips
>Im using a p400 with two nics (deb woody)
>Goals:
>I want to do Packet Filtering and logging for the DMZ and the
>workstations:
See http://www.blars.org/sapaf.html for one way of putting your dmz
hosts behind the firewall without needing a separate subnet (with
differnt IPs) for them.
>Questions:
>1) Do I need three Nics on the Firewall , one for the DMZ?
It's a good idea, but not strictly needed. You don't need the hub
when doing this. (Use crossover cables.)
>3) If the WAN interface in the router is a 64.1.1.x and the LAN
>interface is a 2.x.x.x/24 will i be able to route the 1.1.1.x/24 and DMZ
>host through the FW?
Sure, just to NAT on one segment.
>4) I want to use Iptables because I heard they are more advanced than
>ipchains is this true?
Yup.
--
Blars Blarson blarson@blars.org
http://www.blars.org/blars.html
With Microsoft, failure is not an option. It is a standard feature.
Reply to: