How to route

 I wonder what is the best solution for security in this ascii-art

           [      ]
              |              |             |            |
           [server]         [PC]          [PC]         [PC]

 The topology is untouchable: this is a marketing request.
  In the empty space I put my firewall: a filter and proxy (squid)
  server, debian potato with kernel 2.2.19, ipchains made.
  It seems a good solution to me.
  The trouble is a pre-imposed NAT table in the router: the unique
  external IP is remapped to the internal address of the server.
  I don't know how to tell the router 'route add default gw firewall'...
  and my manager said: <<router is preferably not to modify>>.

  So I thought:

  First solution: to make the firewall be a bridge for incoming
                  connections to the server, and normal filter+proxy for
                  outgoing ones. It seems not so good to me.

  Or: to make the firewall use a 2.4.5 kernel, and use NAT iptable to
      redirect in some way the router --> server connection. I think (but
      I'm not sure) it should work. It costs a lot to me in upgrading to

 What do you suggest?
Thanks!, Marco


 Marco Tassinari +039 328 1187801

