I am assigned a block of IP addresses from the Office of Information Tech. at our University. Along with this block of IPs come the DNS servers I have to use and the Default Gateway. Everything else, DHCP, file server, webserver, is up to me to provide. I need to build a firewall that will allow my current block of addresses (class B), which are assigned to my network from a DHCP server that is on my network, to access the net while providing a secure environment. Since I have a substantial amount of addresses I do not need NAT to use 192's, etc. Where my confusion comes in is the fact that I am already assigned a default gateway on my network. Is it possible to apply a firewall with Internet connection sharing that acts as a new default gateway for my internal network while the firewall would still use the Default Gateway assigned to me? How would I go about sharing that connection without using NAT? Or should I just build a bridging firewall? I am hesitant about a bridging firewall because it seems that it would need to be fairly speedy to keep up with our network traffic. Any recommendations would be appreciated. Thanks.
Bobby Knueven
If you are putting a firewall between your subnet and the default gateway
for your subnet the simplest setup is a bridging firewall. It's not as
trivial to configure as a normal or routing firewall. I've only actually
done this with RH7.3, but I don't think there are any fundamental differences.
As a bridging firewall you can set it up to inspect packets as they pass
through the bridge and reject or drop those it doesn't like. Otherwise it
operates just like a bridge, and is effectively transparent to the rest of
the network. If you want, you can give an IP to the bridge so that you can
access it from other hosts, but that's not necessary if you maintain it from
the console.
-- Nigel Wade, System Administrator, Space Plasma Physics Group, University of Leicester, Leicester, LE1 7RH, UK E-mail : nmw@xxxxxxxxxxxx Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
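A sketch of the transparent bridge described in the reply above, added here as an example and not taken from either poster. It uses the nftables bridge family, which postdates this thread; the interface names, the address block and the web server address are assumed placeholders.

```nftables
#!/usr/sbin/nft -f
# Assumed layout (names are hypothetical, not from the thread):
#   eth0 = port facing the campus default gateway
#   eth1 = port facing the internal LAN
# Both ports are enslaved to a bridge, for example:
#   ip link add name br0 type bridge
#   ip link set eth0 master br0
#   ip link set eth1 master br0
#   ip link set br0 up
# br0 needs no IP address if the box is managed from the console only.

define UPLINK     = "eth0"
define LAN        = "eth1"
define LAN_NET    = 192.0.2.0/24   # placeholder for the assigned block
define WEB_SERVER = 192.0.2.10     # placeholder for a published host

table bridge transparent_fw {
    chain forward {
        # Frames crossing the bridge are dropped unless a rule accepts them.
        type filter hook forward priority 0; policy drop;

        # ARP must cross the bridge, or LAN hosts cannot resolve the
        # MAC address of the campus gateway (and the gateway theirs).
        ether type arp accept

        # Return traffic for flows already permitted below.
        # Connection tracking in the bridge family needs Linux 5.3 or later.
        ct state established,related accept
        ct state invalid drop

        # Inside to outside: new connections only from the assigned block,
        # which also drops spoofed source addresses leaving the LAN.
        iifname $LAN oifname $UPLINK ip saddr $LAN_NET ct state new accept

        # Outside to inside: published services only.
        iifname $UPLINK oifname $LAN ip daddr $WEB_SERVER tcp dport { 80, 443 } ct state new accept

        # Everything else, including non-IP frames, hits the drop policy.
    }
}
```

Because the hosts keep the campus gateway as their default gateway and the bridge forwards at layer 2, no NAT or readdressing is involved; `nft -c -f <file>` checks the ruleset syntax without loading it.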