Re: [fw-wiz] Router with firewall suggestion

From: Paul D. Robertson (proberts@patriot.net)
Date: 12/15/02


From: "Paul D. Robertson" <proberts@patriot.net>
To: Steve Bostedor <Steveb@tshore.com>
Date: Sun Dec 15 09:27:00 2002

On Mon, 2 Dec 2002, Steve Bostedor wrote:
[Moderator's note: I'm not going to approve "My favorite firewall"
messages to the list- send them directly if you must.]

> We have a small block of external IP addresses being routed to us from
> our broadband ISP. They do not allow us to set the access-lists on
> their edge router, so we need to put something on our side that will
> filter traffic and act as a firewall for those addresses. Layer 3
> switches look real expensive. Any recommendations?

1. Add your own router behind the ISP's router and have them adjust their
routing tables accordingly (possibly you could add a router without any
adjustment with an unnumbered interface.)

2. Add a bridge mode packet filter. There are free ones and commercial
ones.

3. Put in a small firewall and NAT the "public" addresses (preferably off
to a service network on a 3rd interface) and proxy ARP for the outside
addresses. You can either go with a free *nix solution, or one of a
multitude of commercial offerings, almost all of which probably live in
the Firewall Buyer's Guide at http://www.icsalabs.com/ (exact location
left as an exercise for the reader.)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation


