FC as network firewall.

Franco primo at ischianet.com
Thu Jan 27 10:05:38 UTC 2005



Rodolfo J. Paiz wrote:
> On Wed, 2005-01-26 at 19:40 +0100, Franco wrote:
> 
>>Hi, what I need is this:
>>I have a Cisco router and 8 servers with 8 public IPs,
>>now I need a firewall and I want to set up a Linux server
>>as a firewall to filter all incoming traffic from the router and
>>pass it to the servers if the firewall policy has passed.
>>
>>What I need to know is how I can set up the Ethernet card
>>to use it as a firewall-gateway for my public LAN.
>>Best regards.
>>
> 
> 
> All you need is to set up the Linux system with *two* Ethernet cards
> (not one, as your text seems to suggest) connected this way:
> 
> Cisco <---> Linux firewall <---> Ethernet Switch <---> Servers
> 
> Once you have both Ethernet interfaces, Shorewall has NAT and
> masquerading abilities that are more than ample for your needs. I do
> this kind of thing quite frequently.
> 
> However, as some other poster pointed out, this sounds very much like a
> system on which your business will depend; and that makes the cost of
> any mistakes, or downtime, or a cracked firewall, much higher (perhaps
> more than you can afford).
> 
> Are you sure you want to set this up as your first project? Perhaps you
> would be well advised to set up a test system or three, get to know the
> software involved, and understand the material better before you go
> "live"?
> 
> Also, is there a reason you are using such a powerful box for your
> firewall? You have 2,700 MHz and probably don't need more than 200 MHz;
> and you have 768MB of RAM where at most you likely need 64MB. I don't
> suggest that you *must* use old and underpowered hardware! I simply
> would like to be sure that you are not under the opposite mistaken
> impression (i.e. that you actually need this much power).
> 
> Cheers,
> 
Hi, I have already installed 2 NIC cards, but how can I set up the NIC
card to gateway the traffic? As the first step, for me it will be
best to put the server between the router and the switch and have
everything work fine. Afterwards I will start to configure iptables with Shorewall.
I also have another question: with this configuration, can I analyze
the mail traffic to delete viruses and spam?
Best regards.

P.S. Sorry, I'm very much a newbie, and for a PC I have only this.



