Re: FC as network firewall.

Rodolfo J. Paiz wrote:
On Wed, 2005-01-26 at 19:40 +0100, Franco wrote:

Hi, what I need is this:
I have a Cisco router and 8 servers with 8 public IPs,
now I need a firewall and I want to set up a Linux server
as firewall to filter all incoming traffic from the router and
pass it to the servers if the firewall policy has passed.

What I need to know is how I can set up the Ethernet card
to use it as firewall-gateway for my public LAN.
Best regards.



All you need is to set up the Linux system with *two* Ethernet cards
(not one, as your text seems to suggest) connected this way:

Cisco <---> Linux firewall <---> Ethernet Switch <---> Servers

Once you have both Ethernet interfaces, Shorewall has NAT and
masquerading abilities that are more than ample for your needs. I do
this kind of thing quite frequently.

However, as some other poster pointed out, this sounds very much like a
system on which your business will depend; and that makes the cost of
any mistakes, or downtime, or a cracked firewall, much higher (perhaps
more than you can afford).

Are you sure you want to set this up as your first project? Perhaps you
would be well advised to set up a test system or three, get to know the
software involved, and understand the material better before you go
"live"?

Also, is there a reason you are using such a powerful box for your
firewall? You have 2,700 MHz and probably don't need more than 200 MHz;
and you have 768MB of RAM where at most you likely need 64MB. I don't
suggest that you *must* use old and underpowered hardware! I simply
would like to be sure that you are not under the opposite mistaken
impression (i.e. that you actually need this much power).

Cheers,

Hi, I have already installed 2 NIC cards, but how can I set up the NIC
card to gateway the traffic? As the first step, for me the best will be
to put the server between the router and the switch and
have everything work fine. Afterwards I will start to configure iptables with Shorewall.
I also have another question: with this configuration, can I analyze
the mail traffic to delete viruses and spam?
Best regards.

P.S. Sorry, I'm very newbie and for a PC I have only this.

