Re: Linux Firewall Suggestion
From: Mike (honey_at_michaelmoyse.co.uk)
Date: Tue, 03 May 2005 13:25:21 +0100
> I work for a company that has no firewall. We are a 20 person company whose
> connection to the Internet is via a Cisco 1610 router - T1.
> The router (pseudo firewall - really NAT) maps 3 PUBLIC IP / External
> Addresses (our mail, web site, and FTP) to 3 of the Internal Servers. It does
> a one to one mapping.
> Server 1=Exchange 2003/Outlook Web Access(port 80,443) - (public ip
> 100.100.100.100 to private 192.168.1.10);
> Server 2=Sharepoint Portal 2003/Project Server 2003(port 80 and 443) -
> (public ip 100.100.100.101 to private 192.168.1.11);
> Server 3=FTP Site and MS PPTP VPN (port 21,1721) - (public ip
> 100.100.100.102 to private 192.168.1.12);
> My GOAL is to get a Linux firewall that is SIMPLE to use to place between the
> internal network and our Internet router. Also, it has to be able to route
> traffic destined on public ip xxx.xxx.xxx.xxx to private ip xxx.xxx.xxx.xxx -
> same as 1 to 1 NAT mapping but more locked down due to firewall features.
> Because multiple servers have port 80 and 443, I can't just do port
> forwarding. It must be intelligent enough to see the URL/URI to forward to
> the right box.
> Hope this made sense.
> What would you guys suggest in terms of the Linux distro with this
> capability, and how I should set it up?
> Thank you!
If you are not sure what you are doing, don't play with your company
network. This is not the place to start learning about Linux firewalls.
Invest your money in a hardware solution such as a Watchguard Firebox.
You will find it easier to implement as it has a Windows front end and
you will get all the benefits of a Linux/Iptables box as that is what it
uses. You will also get first rate support (They can even configure the
box remotely for you) and upgrades.
I'm not affiliated to Watchguard in any way. I just use their boxes and
also build Linux firewalls using IPCOP and Smoothwall or just plain old