Re: Linux Firewall Suggestion

From: Jack Masters (jackm.abc_at_starplace.com)
Date: 05/04/05

    Date: Wed, 04 May 2005 08:44:22 +0200


    Mike wrote:
    > KP wrote:
    >
    >> I work for a company that has no firewall. We are 20 person company
    >> whose connection to the Internet is via Cisco 1610 router - T1.
    >>
    >> The router (pseudo firewall - really NAT) maps 3 PUBLIC IP / External
    >> Address (our mail, web site, and FTP) to 3 of the Internal Servers.
    >> It does a one to one mapping.
    >>
    >> Server 1=Exchange 2003/Outlook Web Access(port 80,443) - (public ip
    >> 100.100.100.100 to private 192.168.1.10);
    >> Server 2=Sharepoint Portal 2003/Project Server 2003(port 80 and 443) -
    >> (public ip 100.100.100.101 to private 192.168.1.11);
    >> Server 3=FTP Site and MS PPTP VPN (port 21,1721) - (public ip
    >> 100.100.100.102 to private 192.168.1.12);
    >>
    >> My GOAL is to get a Linux firewall that is SIMPLE to use to place
    >> between the internal network and our Internet router. Also, it has to
    >> be able to route traffic destined on public ip xxx.xxx.xxx.xxx to
    >> private ip xxx.xxx.xxx.xxx - same as 1 to 1 NAT mapping but more locked
    >> down due to firewall features. Because multiple servers have port 80
    >> and 443, I can't just do port forwarding. It must be intelligent
    >> enough to see the URL/URI to forward to the right box.
    >>
    >> Hope this made sense.
    >>
    >> What would you guys suggest in terms of the Linux distro with this
    >> capability, and how I should set it up?
    >>
    >> Thank you!
    >>
    >
    > If you are not sure what you are doing, don't play with your company
    > network. This is not the place to start learning about Linux firewalls.
    > Invest your money in a hardware solution such as a Watchguard Firebox.
    > You will find it easier to implement as it has a Windows front end and
    > you will get all the benefits of a Linux/Iptables box as that is what it
    > uses. You will also get first rate support (They can even configure the
    > box remotely for you) and upgrades.
    >
    > I'm not affiliated to Watchguard in any way. I just use their boxes and
    > also build Linux firewalls using IPCOP and Smoothwall or just plain old
    > IPtables.
    >
    > Mike

    Any firewall, even a badly configured one, would be better than leaving
    the network wide open. Playing with the firewall on a live network may
    open one up to (physical) abuse from users who see their lunchtime
    surfing/IM interrupted, but starting off with one of the many example
    scripts available, it would be difficult to create a FW that opens the
    network up further than it already is.

    J
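A concrete form of the 1:1 mapping KP describes, as an added example and not code from anyone in the thread: a POSIX shell script that emits an iptables-restore ruleset limited to the published ports. Because each service sits behind its own public address, DNAT keyed on the destination address already separates the two port-80/443 servers, so no URL inspection is needed. The interface names and the assumption that the Cisco routes the three public addresses to the firewall are mine; addresses and ports are those listed in the post.

```shell
#!/bin/sh
# Added example, not code from the original thread: generate an
# iptables-restore ruleset that reproduces the 1:1 mappings from the post,
# restricted to the published ports, with everything else dropped.
# Assumptions: the Cisco routes the three public addresses to this box,
# which holds them on $WAN; interface names are placeholders.
WAN=eth0   # assumed: faces the Cisco 1610
LAN=eth1   # assumed: faces 192.168.1.0/24

# public_ip  private_ip  proto  ports  (addresses and ports as listed in the post)
MAPPINGS='
100.100.100.100 192.168.1.10 tcp 80,443
100.100.100.101 192.168.1.11 tcp 80,443
100.100.100.102 192.168.1.12 tcp 21,1721
'

gen_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    printf '%s\n' "$MAPPINGS" | while read -r pub priv proto ports; do
        [ -n "$pub" ] || continue
        # Inbound: only the listed ports on each public address are rewritten.
        echo "-A PREROUTING -i $WAN -d $pub -p $proto -m multiport --dports $ports -j DNAT --to-destination $priv"
        # Outbound: the server's own traffic leaves from its matching public address.
        echo "-A POSTROUTING -o $WAN -s $priv -j SNAT --to-source $pub"
    done
    # PPTP also carries its tunnel in GRE (IP protocol 47), which has no ports.
    echo "-A PREROUTING -i $WAN -d 100.100.100.102 -p gre -j DNAT --to-destination 192.168.1.12"
    echo 'COMMIT'
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'     # default deny: anything not explicitly opened is dropped
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo "-A FORWARD -i $LAN -o $WAN -j ACCEPT"   # internal clients may go out
    printf '%s\n' "$MAPPINGS" | while read -r pub priv proto ports; do
        [ -n "$pub" ] || continue
        # Only new connections to the published ports may reach the DNATed host.
        echo "-A FORWARD -i $WAN -o $LAN -d $priv -p $proto -m multiport --dports $ports -m state --state NEW -j ACCEPT"
    done
    echo "-A FORWARD -i $WAN -o $LAN -d 192.168.1.12 -p gre -j ACCEPT"
    echo 'COMMIT'
}

# Print the ruleset; load it with: gen_rules > /etc/iptables.rules && iptables-restore < /etc/iptables.rules
gen_rules
```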
