Re: Linux Firewall Suggestion

From: Darko Gavrilovic (darkogAThushmailDOTcom)
Date: 05/02/05


Date: Mon, 02 May 2005 05:38:03 -0500

Michael W Cocke <cocke@catherders.com> wrote in
news:6f7b71l3qnqs9di5ktptpaev09r306brag@4ax.com:

> On Sun, 01 May 2005 20:41:30 GMT, "KP" <kipp@idea.com> wrote:
>
>>I work for a company that has no firewall. We are a 20 person company
>>whose connection to the Internet is via Cisco 1610 router - T1.
>>
>>The router (pseudo firewall - really NAT) maps 3 PUBLIC IP / External
>>Address (our mail, web site, and FTP) to 3 of the Internal Servers.
>>It does a one to map mapping.
>>
>>Server 1=Exchange 2003/Outlook Web Access(port 80,443) - (public ip
>>100.100.100.100 to private 192.168.1.10);
>>Server 2=Sharepoint Portal 2003/Project Server 2003(port 80 and 443) -
>>(public ip 100.100.100.101 to private 192.168.1.11);
>>Server 3=FTP Site and MS PPTP VPN (port 21,1721) - (public ip
>>100.100.100.102 to private 192.168.1.12);
>>
>>My GOAL is to get a Linux firewall that is SIMPLE to use to place
>>between the internal network and our Internet router. Also, it has to
>>be able to route traffic destined on public ip xxx.xxx.xxx.xxx to
>>private ip xxx.xxx.xxx.xxx- same as 1 to 1 NAT mapping but more locked
>>down due to firewall features. Because multiple servers have port 80
>>and 443, I can't just do port forwarding. It must be intelligent
>>enough to see the URL/URI to forward to the right box.
>>
>>Hope this made sense.
>>
>>What would you guys suggest in terms of the Linux distro with this
>>capability, and how I should set it up?
>>
>>Thank you!
>>
>
> Shorewall is the best compromise I've seen between having to learn
> iptables (which is NOT for the new user) and one of those useless
> linksys boxes. It's as flexible as your ability to configure it.
> I've been using it here and installing it at client sites for several
> years. I haven't had anything that it couldn't do yet, and it really
> is much simpler than native iptables.
>
> http://www.shorewall.net
>

<snip>

Do you find shorewall more flexible than smoothwall with mods?

-- 
# cd /usr/src/
# make buildworld
"This is gonna take all night, isn't it?"

