Re: Linux Firewall Suggestion
From: Darko Gavrilovic (darkogAThushmailDOTcom)
Date: Mon, 02 May 2005 05:38:03 -0500
Michael W Cocke <email@example.com> wrote in
> On Sun, 01 May 2005 20:41:30 GMT, "KP" <firstname.lastname@example.org> wrote:
>>I work for a company that has no firewall. We are a 20 person company
>>whose connection to the Internet is via Cisco 1610 router - T1.
>>The router (pseudo firewall - really NAT) maps 3 PUBLIC IP / External
>>Address (our mail, web site, and FTP) to 3 of the Internal Servers.
>>It does a one to one mapping.
>>Server 1=Exchange 2003/Outlook Web Access(port 80,443) - (public ip
>>100.100.100.100 to private 192.168.1.10);
>>Server 2=Sharepoint Portal 2003/Project Server 2003(port 80 and 443) -
>>(public ip 100.100.100.101 to private 192.168.1.11);
>>Server 3=FTP Site and MS PPTP VPN (port 21,1721) - (public ip
>>100.100.100.102 to private 192.168.1.12);
>>My GOAL is to get a Linux firewall that is SIMPLE to use to place
>>between the internal network and our Internet router. Also, it has to
>>be able to route traffic destined on public ip xxx.xxx.xxx.xxx to
>>private ip xxx.xxx.xxx.xxx - same as 1 to 1 NAT mapping but more locked
>>down due to firewall features. Because multiple servers have port 80
>>and 443, I can't just do port forwarding. It must be intelligent
>>enough to see the URL/URI to forward to the right box.
>>Hope this made sense.
>>What would you guys suggest in terms of the Linux distro with this
>>capability, and how I should set it up?
> Shorewall is the best compromise I've seen between having to learn
> iptables (which is NOT for the new user) and one of those useless
> linksys boxes. It's as flexible as your ability to configure it.
> I've been using it here and installing it at client sites for several
> years. I haven't had anything that it couldn't do yet, and it really
> is much simpler than native iptables.
Do you find shorewall more flexible than smoothwall with mods?
--
# cd /usr/src/
# make buildworld
"This is gonna take all night, isn't it?"