Firewall Wizards mailing list archives
Firewall question
From: Carl Swanson <cswanson () tivoli com>
Date: Tue, 13 Jul 1999 10:57:26 -0700
I had a firewall question that I hoped the wizard
might be able to help me with ;-)
I want to set up a firewall on a Linux RedHat 5.2
machine with 2 NICs protecting a little network
from the internet (connected using ISDN or DSL to
an ISP connection). There will eventually be several of these
little isolated networks.
I need to have static IP addresses and will have
a block of 16 or 32 addresses per network, so total
static IP addressing.
I need to be able to connect to the little network via
the internet to do admin work, etc., but obviously I don't
want anyone else in, just me from a static IP address or two.
And I of course want to allow the little network
users full access to the internet, including web,
telnet, ftp, etc.
It has been suggested that I set things up thusly:
I want to set up both a firewall and a proxy server. Each
machine in the local net will have its own IP address, and
my firewall in the Linux machine will only let certain internet IP
addresses connect (mine). All other IP addresses that
try a direct connection will be denied (except machines that are
responding to a telnet initiation, etc., from the local net).
I'll also install a proxy server so I can control what users use
what services through the gateway machine and onto the internet.
I want to be able to control who has access and log where
they go.
I'll also disable telnet and ftp into the gateway machine, and use
ssh, and the secure telnet and sftp versions (but I do need
telnet and ftp access).
Since I'll be using RedHat 5.2 (kernel 2.0.36) I should use ipfwadm
for the firewall.
Here are some questions I have:
- First of all, how does the above sound?
- What proxy software should I use?
- Will I then need VPN at all between two linux machines
over the internet? Or is the ssh and secure telnet and ftp
enough? (I also want to do VNC remote control sessions,
so that might be an issue).
Any tips, hints, pointers, etc, would be MUCH appreciated.
Thanks much,
Carl
cswanson () tivoli com
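
The forwarding policy described in the message above, sketched as ipfwadm rules for a routed (non-masqueraded) gateway. This is an added example, not part of the original post; the function name `gen_rules`, the interface name and the addresses are constructed, and the rules are printed for review rather than executed.

```shell
#!/bin/sh
# Added example: print (do not run) ipfwadm rules for the policy in the post.
# Usage: gen_rules LAN_CIDR EXT_IF ADMIN_IP [ADMIN_IP ...]
gen_rules() {
    [ "$#" -ge 3 ] || {
        echo "usage: gen_rules LAN_CIDR EXT_IF ADMIN_IP..." >&2
        return 1
    }
    lan=$1; ext_if=$2; shift 2
    any=0.0.0.0/0

    # Empty forward chain; anything no rule accepts is dropped.
    echo "ipfwadm -F -f"
    echo "ipfwadm -F -p deny"

    # Anti-spoofing: a packet arriving on the external interface must not
    # claim a LAN source address. Inserted first on the input chain, logged.
    echo "ipfwadm -I -i deny -P all -S $lan -D $any -W $ext_if -o"

    # LAN users may open connections to any Internet host.
    echo "ipfwadm -F -a accept -P all -S $lan -D $any"

    # Only the listed admin hosts may open connections into the LAN.
    for admin in "$@"; do
        echo "ipfwadm -F -a accept -P all -S $admin/32 -D $lan"
    done

    # Replies to LAN-initiated TCP: -k matches only segments with ACK set,
    # so an outside host cannot send the initial SYN of a new connection.
    # The filter is stateless: UDP replies and active-mode FTP data
    # connections are not matched and are left to the proxy on the gateway.
    echo "ipfwadm -F -a accept -P tcp -S $any -D $lan -k"

    # Explicit final rule so rejected inbound attempts are logged (-o).
    echo "ipfwadm -F -a deny -P all -S $any -D $lan -o"
}

# Constructed sample values (documentation address ranges).
gen_rules 192.0.2.32/28 eth1 198.51.100.7
```

Rules are evaluated first match first, so the admin and ACK rules must stay ahead of the final logged deny.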
