Re: firewall ??

From: Matt Morgan (matt.morgan-fedora-list_at_brooklynmuseum.org)
Date: 07/08/04

    Date: Thu, 08 Jul 2004 14:39:15 -0400
    To: For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    On 07/08/2004 02:12 PM, Bobby Knueven wrote:

    > Still a little confused on firewalls. Here's my situation (more detail
    > this time).
    >
    > I am assigned a block of IP addresses from the Office of Information
    > Tech. at our University. Along with this block of IPs come the DNS
    > servers I have to use and the Default Gateway. Everything else, DHCP,
    > File server, webserver is up to me to provide. I need to build a
    > firewall that will allow my current block of addresses (class B), which
    > are assigned to my network from a DHCP server that is on my
    > network to access the net while providing a secure environment. Since
    > I have a substantial amount of addresses I do not need NAT to use
    > 192's, etc... Where my confusion comes in is the fact that I am
    > already assigned a default gateway on my network. Is it possible to
    > apply a firewall with Internet connection sharing that acts as a new
    > default gateway for my internal network while the firewall would still
    > use the Default Gateway assigned to me? How would I go about sharing
    > that connection without using NAT? Or should I just build a bridging
    > firewall? I am hesitant about a bridging firewall because it seems
    > that it would need to be fairly speedy to keep up with our network
    > traffic. Any recommendations would be appreciated. Thanks.

    I realize this is not the answer you're seeking, exactly, but it seems
    that if you just used NAT everything would be a lot simpler. There's
    really almost no reason not to use NAT, if you have a reasonably good
    firewall (and iptables qualifies) and it's kind of easier to understand
    what's going on. And, pretty much everyone runs out of IP addresses
    faster than they expect to--NAT will protect you from that.

    With NAT, the internal address of the firewall is the gateway address
    for the internal workstations. So the answer to your question about the
    default gateway is "yes."

    So my advice is, just use NAT.

    As a side note, when you respond to messages on this list, please post
    your messages at the bottom of the previous message. Although it seems
    strange at first to people who are used to doing it the other way, it
    makes it a lot easier for new people to pick up the discussion in the
    middle. That happens a lot on a list of this volume.

    --Matt
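
The NAT setup recommended in the reply above, as an added example that is not part of the original message: a shell function that prints an iptables-restore ruleset in which LAN traffic is masqueraded out of the WAN interface and forwarding is default-deny. The interface names eth0/eth1 and the 192.168.1.0/24 subnet are assumptions; workstations would use the firewall's eth1 address as their gateway, while the firewall itself keeps the university-assigned default gateway.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a NAT gateway.
# Arguments are validated so nothing unexpected lands in the rule file.

# Accept only plausible interface names (letters, digits, '.', '_', '-').
valid_if() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Check the shape of an IPv4 CIDR such as 192.168.1.0/24 (shape only,
# octet ranges are left to iptables-restore itself).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gen_nat_rules WAN_IF LAN_IF LAN_NET  -> ruleset on stdout
gen_nat_rules() {
    wan_if=$1 lan_if=$2 lan_net=$3
    valid_if "$wan_if" && valid_if "$lan_if" ||
        { echo "bad interface name" >&2; return 1; }
    valid_cidr "$lan_net" || { echo "bad LAN subnet" >&2; return 1; }
    [ "$wan_if" != "$lan_if" ] ||
        { echo "WAN and LAN interfaces must differ" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite the source of LAN traffic to the firewall's WAN address.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Add management access (for example SSH from the LAN) here as needed.
# Replies to connections the LAN opened are let back in; nothing else is.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}
```

The output of `gen_nat_rules eth0 eth1 192.168.1.0/24` can be loaded with `iptables-restore`; the kernel must also have `net.ipv4.ip_forward` set to 1 for any forwarding to happen.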
