Re: About Firewall configuration



aragonx@xxxxxxxxxx wrote:

What I mean is:
The server machine is not in the DMZ, so can it use a private IP only?



Your only limitation is that a machine can NOT use an address in the
private IP range to communicate DIRECTLY to the Internet.


Sorry, pardon me!

I did not mean to sound like I was yelling. I simply used the capitals to
emphasize. :)

If you have a router (be it hardware or software) to map your traffic to
a public IP, you can use either.


The router machine is a general router machine which is provided by the ISP,
so it can't be configured with a firewall function (only routed / routing
function)...

Another poster suggested you go and install Shorewall. I would not suggest
you do that! Not without some thought and planning anyway. You would
want a good understanding of what that package is and how it can help you.
Putting another router that is totally under your control between your
network and your ISP's is a good idea though.

Give a lot of thought to your network design and what you want to do with
it. Do some reading on DMZs and what they are intended to do. You really
want to allow the minimum amount of incoming (and to a slightly lesser
degree outgoing) traffic while still allowing your users to perform their
functions.

Here are a few sites to get you started:

http://tldp.org/HOWTO/Security-HOWTO/index.html

http://www.netfilter.org/

http://www.linuxsecurity.com/

I hope this all makes sense without being too basic. Security is an
important topic.




--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
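
An added example, not part of the original message: an nftables (netfilter) ruleset for a Linux router placed between the ISP router and the internal network, where the server keeps a private address and only one service is published. The interface names, addresses and the published port are assumptions, as is the router's WAN side receiving the traffic addressed to the public IP.

```nftables
#!/usr/sbin/nft -f
# Constructed example: interface names, addresses and the port are assumptions.
flush ruleset

define wan_if  = "eth0"            # faces the ISP router
define lan_if  = "eth1"            # faces the private network
define lan_net = 192.168.10.0/24   # private (RFC 1918) range
define server  = 192.168.10.20     # server with a private address only

table inet filter {
    chain input {
        # Traffic addressed to the router itself: drop unless allowed below.
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Administer the router from the inside only.
        iifname $lan_if ip saddr $lan_net tcp dport 22 accept
        iifname $lan_if icmp type echo-request accept
    }

    chain forward {
        # Traffic passing through the router: drop unless allowed below.
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Outgoing: only what the users need (DNS and web here).
        iifname $lan_if oifname $wan_if ip saddr $lan_net udp dport 53 accept
        iifname $lan_if oifname $wan_if ip saddr $lan_net tcp dport { 53, 80, 443 } accept
        # Incoming: only connections that matched the DNAT rule below.
        iifname $wan_if oifname $lan_if ip daddr $server tcp dport 443 ct status dnat accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Map the published port on the public side to the private server.
        iifname $wan_if tcp dport 443 dnat to $server
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Private sources never reach the Internet directly; rewrite them.
        oifname $wan_if ip saddr $lan_net masquerade
    }
}
```

`nft -c -f <file>` checks the ruleset for syntax errors without loading it.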


