Re: [fw-wiz] Router with firewall suggestion

From: Paul D. Robertson (
Date: 12/15/02

From: "Paul D. Robertson" <>
To: Steve Bostedor <>
Date: Sun Dec 15 09:27:00 2002

On Mon, 2 Dec 2002, Steve Bostedor wrote:
[Moderator's note: I'm not going to approve "My favorite firewall"
messages to the list- send them directly if you must.]

> We have a small block of external IP addresses being routed to us from
> our broadband ISP. They do not allow us to set the access-lists on
> their edge router, so we need to put something on our side that will
> filter traffic and act as a firewall for those addresses. Layer 3
> switches look real expensive. Any recommendations?

1. Add your own router behind the ISP's router and have them adjust their
routing tables accordingly (possibly you could add a router without any
adjustment with an unnumbered interface.)

2. Add a bridge mode packet filter. There are free ones and commercial

3. Put in a small firewall and NAT the "public" addresses (preferably off
to a service network on a 3rd interface) and proxy ARP for the outside
addresses. You can either go with a free *nix solution, or one of a
multitude of commercial offerings, almost all of which probably live in
the Firewall Buyer's Guide at (exact location
left as an exercise for the reader.)

Paul D. Robertson
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
Director of Risk Assessment
TruSecure Corporation
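Option 3 in the message above (NAT the public addresses to a service network and proxy ARP for them on the outside), sketched as an added example that is not part of the original message. It assumes a Linux firewall with nftables; the interface names, the 203.0.113.0/29 documentation block and the host and port mappings are constructed. The script only prints the commands and ruleset for review and applies nothing.

```shell
#!/bin/sh
# Dry-run generator: prints proxy-ARP commands and an nftables ruleset.
# Constructed assumptions: eth0 faces the ISP router, eth2 is the service
# network, 203.0.113.0/29 stands in for the routed public block.
OUT_IF=eth0
DMZ_IF=eth2
# One published service per line: public_ip:private_ip:tcp_port (constructed)
MAP='203.0.113.3:192.168.10.3:443
203.0.113.4:192.168.10.4:25'

proxy_arp_cmds() {
  # The firewall answers the ISP router's ARP requests for each public address.
  echo "$MAP" | while IFS=: read -r pub _priv _port; do
    echo "ip neigh add proxy $pub dev $OUT_IF"
  done
}

nft_ruleset() {
  echo "table ip nat {"
  echo "  chain prerouting {"
  echo "    type nat hook prerouting priority dstnat; policy accept;"
  echo "$MAP" | while IFS=: read -r pub priv _port; do
    echo "    iifname \"$OUT_IF\" ip daddr $pub dnat to $priv"
  done
  echo "  }"
  echo "  chain postrouting {"
  echo "    type nat hook postrouting priority srcnat; policy accept;"
  echo "$MAP" | while IFS=: read -r pub priv _port; do
    echo "    oifname \"$OUT_IF\" ip saddr $priv snat to $pub"
  done
  echo "  }"
  echo "}"
  echo "table inet filter {"
  echo "  chain forward {"
  echo "    type filter hook forward priority filter; policy drop;"
  echo "    ct state established,related accept"
  # After DNAT the forward hook sees the private destination address.
  echo "$MAP" | while IFS=: read -r _pub priv port; do
    echo "    iifname \"$OUT_IF\" oifname \"$DMZ_IF\" ip daddr $priv tcp dport $port accept"
  done
  echo "  }"
  echo "}"
}

proxy_arp_cmds
nft_ruleset
```

The forward chain drops by default, so only the listed service ports reach the service network and nothing initiated there is forwarded until a rule is added for it.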