
How to route




Hello,
 I wonder what is the best solution for security in this ascii-art
network:


           [router]
              |
           [      ]
              |
              +--------------|-------------|----....----|
              |              |             |            |
           [server]         [PC]          [PC]         [PC]


 The topology is untouchable: this is a marketing request.
  In the empty space I put my firewall: a filter and proxy (squid)
  server, debian potato with kernel 2.2.19, ipchains made.
  It seems a good solution to me.
  The trouble is a pre-imposed NAT table in the router: the unique
  external IP is remapped to the internal address of the server.
  I don't know how to tell the router 'route add default gw firewall'...
  and my manager said: <<router is preferably not to modify>>.

  So I thought:

  First solution: to make the firewall be a bridge for incoming
                  connections to the server, and normal filter+proxy for
                  outgoing ones. It seems not so good to me.

  Or: to make the firewall use a 2.4.5 kernel, and use NAT iptable to
      redirect in some way the router --> server connection. I think (but
      I'm not sure) it should work. It costs a lot to me in upgrading to
      iptables.


 What do you suggest?
Thanks!, Marco



-- 

 Marco Tassinari +039 328 1187801
                 mailto:iw3hja@dei.unipd.it
                 http://www.taffi.it


