Firewall Wizards mailing list archives
Re: Questions about firewall
From: "Yin To Chu" <ytchu () ozemail com au>
Date: Tue, 20 Jul 1999 11:20:47 +1000
Of course. you need a third NIC for DMZ. People would prefer a DMZ for this purpose. Why not using IPCHAIN in RedHat 6.0? Or ipfilter for Linux at http://www4.dgtu.donetsk.ua:8103/pub/Linux/IPFilter/ or ipfirewall for Linux at http://www.ipfirewall.com/ipfirewall.html or Juniper Proxy Firewall Toolkit at http://www.obtuse.com/juniper/ You may also need this tool to set up the filter list efficiently http://www.cyber.com.au/users/darrenr/flc.html Alternatively, you may want to try the commercial strength Phoenix Adaptive Firewall at http://www.progressive-systems.com/products/phoenix/ which is said to be multilayer stateful firewall. or Juniper Proxy Firewall Toolkit at http://www.obtuse.com/juniper/ Squid is generally used for Internet cache / proxy in Linux/Unix world. Do you have other good choices for Linux? Or just useful boxes like Cabalt Network Cube / RaQ II, etc. Yt ---- ----- Original Message ----- From: <fgb () domain com br> To: <firewall-wizards () nfr net> Cc: <fgb () domain com br> Sent: Tuesday, July 20, 1999 5:45 AM Subject: Questions about firewall
I'm a begginer in firewall technologies, and I have several questions, so
I hope the wizard
will be able to help me a lot. ;-) I'm using Linux Red Hat 5.2 (Kernel 2.0.36) with two NICs, one in the
Internet (connect to an ISP connection throw a router) and another in the protect network. I have a little range of valid address and I'll have a mail and a web server. My first question is: Do I need to have a third NIC in my firewall machine and a little network (DMZ) where I will connect my mail and web server, or can I perform a NAT on the linux machine and make my servers, that are in the protect network, visible on the Internet ? In case of the second option, how can I implement the NAT ?
Since I'll be using Red Hat 5.2 (kernel 2.0.36), I should use ipfwadm, is
that correct ?
Can I have IP filters so that I can control access of certain protocols
and ports ?
I also want to use a proxy/cache server. Is squid a good choice ? For these caracteristics I pretend to have in my firewall, what services
may I compile in the kernel and what modules should I install ?
Any ideas, tips, pointer, etc, would be much appreciated. Thanks, Fabio. fgb () domain com br
Current thread:
- Questions about firewall fgb (Jul 19)
- Re: Questions about firewall Yin To Chu (Jul 20)
- Re: Questions about firewall Riccardo Fontana (Jul 20)
- Re: Questions about firewall dreamwvr (Jul 20)