Re: [fw-wiz] Router with firewall suggestion

From: Paul D. Robertson (proberts@patriot.net)
Date: 12/15/02


From: "Paul D. Robertson" <proberts@patriot.net>
To: Steve Bostedor <Steveb@tshore.com>
Date: Sun Dec 15 09:27:00 2002

On Mon, 2 Dec 2002, Steve Bostedor wrote:
[Moderator's note: I'm not going to approve "My favorite firewall"
messages to the list- send them directly if you must.]

> We have a small block of external IP addresses being routed to us from
> our broadband ISP. They do not allow us to set the access-lists on
> their edge router, so we need to put something on our side that will
> filter traffic and act as a firewall for those addresses. Layer 3
> switches look real expensive. Any recommendations?

1. Add your own router behind the ISP's router and have them adjust their
routing tables accordingly (possibly you could add a router without any
adjustment with an unnumbered interface.)

2. Add a bridge mode packet filter. There are free ones and commercial
ones.

3. Put in a small firewall and NAT the "public" addresses (preferably off
to a service network on a 3rd interface) and proxy ARP for the outside
addresses. You can either go with a free *nix solution, or one of a
multitude of commercial offerings, almost all of which probably live in
the Firewall Buyer's Guide at http://www.icsalabs.com/ (exact location
left as an exercise for the reader.)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson
proberts@patriot.net
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation