firewall ??

Bobby Knueven knueven.7 at osu.edu
Thu Jul 8 18:12:20 UTC 2004


Still a little confused on firewalls. Here's my situation (more detail 
this time).

I am assigned a block of IP addresses from the Office of Information 
Tech. at our University. Along with this block of IPs come the DNS 
servers I have to use and the Default Gateway. Everything else, DHCP, 
File server, webserver is up to me to provide. I need to build a 
firewall that will allow my current block of addresses (class B), which 
are assigned to my network from a DHCP server that is on my 
network, to access the net while providing a secure environment. Since I 
have a substantial amount of addresses I do not need NAT to use 192's, 
etc. Where my confusion comes in is the fact that I am already 
assigned a default gateway on my network. Is it possible to apply a 
firewall with Internet connection sharing that acts as a new default 
gateway for my internal network while the firewall would still use the 
Default Gateway assigned to me? How would I go about sharing that 
connection without using NAT? Or should I just build a bridging 
firewall? I am hesitant about a bridging firewall because it seems that 
it would need to be fairly speedy to keep up with our network traffic. 
Any recommendations would be appreciated. Thanks.

Bobby Knueven


>> If you are putting a firewall between your subnet and the default
>> gateway for your subnet the simplest setup is a bridging firewall.
>> It's not as trivial to configure as a normal or routing firewall.
>> I've only actually done this with RH7.3, but I don't think there are
>> any fundamental differences.
>>
>> As a bridging firewall you can set it up to inspect packets as they
>> pass through the bridge and reject or drop those it doesn't like.
>> Otherwise it operates just like a bridge, and is effectively
>> transparent to the rest of the network. If you want, you can give an
>> IP to the bridge so that you can access it from other hosts, but
>> that's not necessary if you maintain it from the console.
>>
>> -- 
>> Nigel Wade, System Administrator, Space Plasma Physics Group,
>>              University of Leicester, Leicester, LE1 7RH, UK
>> E-mail :    nmw at ion.le.ac.uk
>> Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
>>
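The bridging setup described in the quoted reply, as an added example that is not from either poster: a function that prints (without running) the commands for a transparent bridge with no IP address and a default-deny forward policy. The interface names `eth0`/`eth1`/`br0`, the use of iproute2, and the `br_netfilter` module (current kernels; not the RH7.3-era setup) are assumptions.

```shell
#!/bin/sh
# Added example: dry-run plan for a transparent (bridging) firewall.
# Assumed, not from the thread: eth0/eth1/br0 names, iproute2, iptables,
# and a kernel with the br_netfilter module.

# Print the commands that bridge UPLINK (the port facing the assigned default
# gateway) with LAN (the port facing the subnet hosts). Nothing is executed.
bridge_fw_plan() {
    uplink=$1; lan=$2; br=${3:-br0}
    # A bridge needs two distinct ports; refuse anything else.
    if [ -z "$uplink" ] || [ -z "$lan" ] || [ "$uplink" = "$lan" ]; then
        echo "usage: bridge_fw_plan UPLINK_IF LAN_IF [BRIDGE]" >&2
        return 2
    fi
    # Hosts keep their existing addresses and default gateway: the bridge has
    # no IP, so it is invisible at layer 3 and is managed from the console.
    # ARP is not IP, so the iptables policy below does not block it.
    cat <<EOF
modprobe br_netfilter
sysctl -w net.bridge.bridge-nf-call-iptables=1
ip link add name $br type bridge
ip link set dev $uplink master $br
ip link set dev $lan master $br
ip link set dev $uplink up
ip link set dev $lan up
ip link set dev $br up
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in $lan -j ACCEPT
iptables -A FORWARD -m physdev --physdev-in $uplink -j LOG --log-prefix "brfw-drop: "
EOF
}

# When run directly with arguments, show the plan for review.
if [ "$#" -ge 2 ]; then
    bridge_fw_plan "$@"
fi
```

Bridged frames only reach the `FORWARD` chain once `bridge-nf-call-iptables` is enabled, which is why the plan sets it before adding any rules; review the printed commands before running them as root.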
