Re: firewall ??

On Thu, 2004-07-08 at 14:39, Matt Morgan wrote:
> On 07/08/2004 02:12 PM, Bobby Knueven wrote:
> 
> > Still a little confused on firewalls. Here's my situation (more detail 
> > this time).
> >
> > I am assigned a block of IP addresses from the Office of Information 
> > Tech. at our University. Along with this block of IPs come the DNS 
> > servers I have to use and the Default Gateway. Everything else, DHCP, 
> > File server, webserver is up to me to provide. I need to build a 
> > firewall that will allow my current block of addresses (class B), which 
> > are assigned to my network from a DHCP server that is on my 
> > network to access the net while providing a secure environment. Since 
> > I have a substantial amount of addresses I do not need NAT to use 
> > 192's, etc... Where my confusion comes in is the fact that I am 
> > already assigned a default gateway on my network. Is it possible to 
> > apply a firewall with Internet connection sharing that acts as a new 
> > default gateway for my internal network while the firewall would still 
> > use the Default Gateway assigned to me? How would I go about sharing 
> > that connection without using NAT? Or should I just build a bridging 
> > firewall? I am hesitant about a bridging firewall because it seems 
> > that it would need to be fairly speedy to keep up with our network 
> > traffic. Any recommendations would be appreciated. Thanks.
> 
> I realize this is not the answer you're seeking, exactly, but it seems 
> that if you just used NAT everything would be a lot simpler. There's 
> really almost no reason not to use NAT, if you have a reasonably good 
> firewall (and iptables qualifies) and it's kind of easier to understand 
> what's going on. And, pretty much everyone runs out of IP addresses 
> faster than they expect to--NAT will protect you from that.
> 
> With NAT, the internal address of the firewall is the gateway address 
> for the internal workstations. So the answer to your question about the 
> default gateway is "yes."
> 
> So my advice is, just use NAT.
> 
> As a side note, when you respond to messages on this list, please post 
> your messages at the bottom of the previous message. Although it seems 
> strange at first to people who are used to doing it the other way, it 
> makes it a lot easier for new people to pick up the discussion in the 
> middle. That happens a lot on a list of this volume.
> 
> --Matt
I would second the suggestion of using NAT for all the reasons given,
plus it would also make the firewall easier to configure and therefore
less prone to mistakes and holes.
 -- 
jludwig <wralphie@xxxxxxxxxxx>
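
The NAT setup recommended in the replies above, as an added example that is not part of any poster's message: a shell function that emits an iptables-restore ruleset in which the firewall masquerades the inside network and forwards only connections that start inside. The interface names eth0 (outside) and eth1 (inside) and the network 192.168.1.0/24 are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset for a two-interface
# NAT firewall. Interface names and the inside network are assumptions.

# gen_nat_rules WAN_IF LAN_IF LAN_NET
# Prints the ruleset on stdout; returns 1 on malformed arguments.
gen_nat_rules() {
    wan_if=$1
    lan_if=$2
    lan_net=$3
    # Accept only plain interface names and an IPv4 CIDR, so nothing
    # unexpected ends up inside the generated rules.
    case $wan_if in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $lan_if in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $lan_net in ''|*[!0-9./]*) return 1 ;; esac
    case $lan_net in */*) ;; *) return 1 ;; esac
    [ "$wan_if" != "$lan_if" ] || return 1
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Inside hosts leave with the firewall's outside address as their source.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Inside hosts may reach the firewall itself, since it is their gateway.
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only connections that start on the inside are forwarded out.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# When called with three arguments, print the ruleset for review.
if [ "$#" -eq 3 ]; then
    gen_nat_rules "$@"
fi
```

Review the output before piping it to `iptables-restore` as root; forwarding also needs `net.ipv4.ip_forward=1` on the firewall. Inside workstations then use the firewall's inside address as their default gateway, and the firewall keeps the gateway it was assigned.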