Re: Linux Firewall Suggestion

From: James Garvin (jgarvin2004_at_comcast.net)
Date: 05/03/05


Date: Tue, 03 May 2005 09:30:43 -0600

Mike wrote:
> KP wrote:
>
>> I work for a company that has no firewall. We are a 20 person company
>> whose connection to the Internet is via a Cisco 1610 router - T1.
>>
>> The router (pseudo firewall - really NAT) maps 3 PUBLIC IP / External
>> Address (our mail, web site, and FTP) to 3 of the Internal Servers.
>> It does a one to one mapping.
>>
>> Server 1=Exchange 2003/Outlook Web Access(port 80,443) - (public ip
>> 100.100.100.100 to private 192.168.1.10);
>> Server 2=Sharepoint Portal 2003/Project Server 2003(port 80 and 443) -
>> (public ip 100.100.100.101 to private 192.168.1.11);
>> Server 3=FTP Site and MS PPTP VPN (port 21,1721) - (public ip
>> 100.100.100.102 to private 192.168.1.12);
>>
>> My GOAL is to get a Linux firewall that is SIMPLE to use to place
>> between the internal network and our Internet router. Also, it has to
>> be able to route traffic destined for public ip xxx.xxx.xxx.xxx to
>> private ip xxx.xxx.xxx.xxx- same as 1 to 1 NAT mapping but more locked
>> down due to firewall features. Because multiple servers have port 80
>> and 443, I can't just do port forwarding. It must be intelligent
>> enough to see the URL/URI to forward to the right box.
>>
>> Hope this made sense.
>>
>> What would you guys suggest in terms of the Linux distro with this
>> capability, and how I should set it up?
>>
>> Thank you!
>>
>
> If you are not sure what you are doing, don't play with your company
> network. This is not the place to start learning about Linux firewalls.
> Invest your money in a hardware solution such as a Watchguard Firebox.
> You will find it easier to implement as it has a Windows front end and
> you will get all the benefits of a Linux/Iptables box as that is what it
> uses. You will also get first rate support (They can even configure the
> box remotely for you) and upgrades.

I second the Watchguard Firebox. While it isn't always the ideal
solution (it really depends on your situation), it is a pretty damn good
product and does what it is supposed to do. They also aren't that
expensive and quite beefy.

> I'm not affiliated to Watchguard in any way. I just use their boxes and
> also build Linux firewalls using IPCOP and Smoothwall or just plain old
> IPtables.

I would have a Linux box on a test network where I could play with
IPtables and fart around with setting up the firewall. Once you
understand it and have it down, you can go live...but Mike is right. It
isn't a good idea to play around with security on your corporate network.
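
For the "plain old IPtables" route, here is an added example of what the locked-down 1:1 mapping from the original post looks like as a rule set. It is not code from this thread, from IPCop, Smoothwall or Watchguard, and it is meant for the test box James describes, not the live network. One point worth making explicit: because each published server has its own public address, DNAT keys on the destination IP, so two servers both listening on 80 and 443 is not a problem and nothing in the kernel needs to see the URL (a packet filter cannot, in any case). Assumptions not stated in the post: eth0 faces the Cisco 1610 and eth1 faces 192.168.1.0/24; PPTP is taken as TCP 1723 plus GRE, which is what a PPTP server actually needs (the post lists 1721); the FTP and PPTP connection-tracking helper modules are loaded so active-mode FTP data and GRE follow their control connections; and SSH from the LAN is allowed to the firewall itself. The public addresses are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the thread or any of the products named in it).
# Assumptions: eth0 = towards the Cisco 1610 / Internet, eth1 = LAN
# (192.168.1.0/24); PPTP = TCP 1723 + GRE (the post says 1721); conntrack
# helper modules for FTP and PPTP are loaded (ip_conntrack_ftp, ip_nat_ftp,
# ip_conntrack_pptp, ip_nat_pptp on 2.4/2.6 kernels; nf_* names on later ones).
#
# With no argument the script only prints the rules so they can be reviewed
# on a test box; "apply" (run as root) feeds them to the shell.

WAN=eth0
LAN=eth1
IPT=iptables

gen_rules() {
    # Base policy: drop by default, allow only tracked replies and LAN->Internet.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
$IPT -F
$IPT -t nat -F
$IPT -X
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i $LAN -p tcp --dport 22 -j ACCEPT
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $LAN -o $WAN -j ACCEPT
EOF
    # One published host per line: public private "proto:port ..." (or "gre").
    # Only the listed protocol/port pairs are DNATed and allowed through
    # FORWARD, so the DROP policy blocks every other port on those public
    # addresses. Each host's own outbound traffic is SNATed to its public IP
    # so the mapping is 1:1 in both directions.
    while read pub priv svcs; do
        for svc in $svcs; do
            proto=${svc%%:*}
            port=${svc#*:}
            if [ "$proto" = gre ]; then
                match="-p gre"
            else
                match="-p $proto --dport $port"
            fi
            echo "$IPT -t nat -A PREROUTING -i $WAN -d $pub $match -j DNAT --to-destination $priv"
            echo "$IPT -A FORWARD -i $WAN -o $LAN -d $priv $match -m state --state NEW -j ACCEPT"
        done
        echo "$IPT -t nat -A POSTROUTING -o $WAN -s $priv -j SNAT --to-source $pub"
    done <<EOF
100.100.100.100 192.168.1.10 tcp:80 tcp:443
100.100.100.101 192.168.1.11 tcp:80 tcp:443
100.100.100.102 192.168.1.12 tcp:21 tcp:1723 gre
EOF
    # Everything else on the LAN leaves with the firewall's own WAN address.
    # This must come after the per-host SNAT rules: first match wins.
    echo "$IPT -t nat -A POSTROUTING -o $WAN -s 192.168.1.0/24 -j MASQUERADE"
}

if [ "${1:-}" = apply ]; then
    gen_rules | sh -e
else
    gen_rules
fi
```

Run it without arguments first and read the output; a mapping line that ends up with the wrong private address or an extra port is easy to spot there, and the FORWARD DROP policy means a forgotten port fails closed rather than open. Active-mode FTP and the GRE leg of PPTP will not work through this box unless the helper modules named above are actually loaded, which is the first thing to check when the FTP data channel or the VPN stalls on the test network.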
