Re: Linux Firewall ???

From: Joe Bloggs (stuSpam-art@excite.com)
Date: 04/09/02


From: Joe Bloggs <stuSpam-art@excite.com>
Date: Tue, 09 Apr 2002 16:11:53 +0200


Eirik Seim wrote:

> > We had an internet facing single homed box with - yes - two separate subnets running
> > into the same LAN. Worked just fine but this was eventually changed to the classic
> > dual style..
>
> Any particular reason for changing this, if it worked ok?

It was a necessary hardware/software upgrade so it was decided to also change the design to
allow maximum possible throughput with the best upgradeability. So it just made sense to
switch to a dual homed, 100mb Full Dup. system.

But I must say there is nothing wrong at all with the single homed principle for cost
efficiency and simplicity of design. Provided your external routers are secure and you do
not ever route between the networks in question that is.

>
>
> > Come to think of it we also ran filtering bridges separately...
> >
> > Gigabit to the internet! Nice.. would love to get Kazaa on that... but only 100mb to
> > the wall? Load balancing maybe? What system were they running and how did it cope?
>
> It's the completely "open" network of the math department at University of
> Bergen, Norway. We have a gigabit backbone, but most network servers and
> clients are only 100Mbit. I have no idea what hardware/software to use if
> I was to filter the 60-80 GB of daily traffic on the backbone, but I would
> probably not try a personal firewall for Windows :)

Hmm... So you don't think Zone Alarm would work for this? Not even the Pro version?

What would be nice to try I think.. would be say at least a 5000 RSM'd cat with Gb in and a
farm of load balanced, clustered FWs... Would be a very interesting project!