Re: Network Firewall/Routing Solution

From: Berk S. Daemon (someone@somewhere.com)
Date: 05/07/02


From: "Berk S. Daemon" <someone@somewhere.com>
Date: Tue, 07 May 2002 03:19:09 GMT


"Marco Polo" <MarcoPolo@bdku.com> wrote in message
news:JdTA8.6240$Fr2.1578176@twister.kc.rr.com...
> Hi, and thanks for the time you're taking to read my post. I am looking
> for a good solution to route inbound and outbound traffic. I hate those
> firewall combo boxes that linksys sells, and I really don't want to run
> software on every client. My approach is to have a computer stand between
> the networks and route at the same time protecting the internal with a
> firewall.
> I've used M$'s ISA Server 2000, and it works ok with the exception of
> not working properly at all with multiple network cards. I'm still working
> on a workaround. Might end up scripting configuration changes for the cards
> to move all IPs to one card after getting DHCP information. I hate sticking
> to M$ for this stuff, but I know very little about Linux, and I'd feel more
> comfortable using an os I know all about in a firewall.
> I will need to deal with inbound web and ftp requests from the internet
> to four IPs (on four different network cards). It would be preferable to be
> able to filter the connections that are established to these IPs for things
> like Unicode and header information for http requests, and in the case of
> ftp, the port command so I know what outbound connection to allow for
> non-pasv connections. Based on the information gathered, the connections
> should be redirected to an internal server, denied entirely, or used to make
> a dynamic rule allowing an outbound connection from the ftp server. Logging
> capabilities are a plus, as well as real-time alerts. The ability to pass
> information about the alert to a script that could run a program or send an
> email is something I'm looking for too. I also would like to have it proxy
> web requests from the internal network to increase apparent speeds. I
> assume I could probably just use BIND for forwarding and caching DNS
> requests. It of course needs to support regular NAT clients, but as that is
> a long standing standard, it probably isn't an issue. As I often use
> netmeeting, and plan to purchase a couple IP phones, the ability to act as
> h.323 gatekeeper would be excellent.
> As always, scriptability, and expandability via plugins I'd make myself
> is very important. This way, I'd be able to add in some of the features if
> the firewall itself didn't have them.
> I realize none of you are obligated to reply or even read my post, so I
> deeply thank those of you who can provide help, and suggest a solution that
> might work for me.
>

Linux most certainly isn't the only solution and has its limitations too.

On the other hand, OpenBSD/FreeBSD/NetBSD would do all you want here and
more! H323 proxying (if you decide to do NAT+Firewall) or the other option
would be a transparent bridging firewall on OpenBSD.
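
The FTP PORT handling the original poster describes, as an added example that is not part of either post: it parses an active-mode `PORT` command (RFC 959 format) seen on the control connection and returns the single outbound data connection a dynamic rule would need to allow. The `DynamicRule` type, the function and exception names, the sample addresses and the two rejection checks are assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" (four address octets, two port octets).
PORT_RE = re.compile(rb"^PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r?\n?$", re.I)


@dataclass(frozen=True)
class DynamicRule:
    """One outbound data connection to allow (hypothetical rule record)."""
    src_ip: str    # internal FTP server
    src_port: int  # ftp-data port, 20
    dst_ip: str    # client address announced in PORT
    dst_port: int  # client port announced in PORT


class PortRejected(ValueError):
    """The PORT command must not produce a dynamic rule."""


def rule_from_port(line: bytes, peer_ip: str, server_ip: str) -> DynamicRule:
    """Turn one PORT line from the control channel into a dynamic rule.

    peer_ip is the source address of the control connection as the
    firewall saw it; server_ip is the internal FTP server.
    """
    m = PORT_RE.match(line)
    if not m:
        raise PortRejected("not a well-formed PORT command")
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise PortRejected("octet out of range")
    dst_ip = str(ipaddress.IPv4Address(bytes(octets[:4])))
    dst_port = octets[4] * 256 + octets[5]
    # Deny when the client asks the server to connect to a third party.
    if dst_ip != str(ipaddress.IPv4Address(peer_ip)):
        raise PortRejected("PORT address differs from control-connection peer")
    # Deny data connections aimed at well-known service ports.
    if dst_port < 1024:
        raise PortRejected("PORT targets a privileged port")
    return DynamicRule(server_ip, 20, dst_ip, dst_port)


if __name__ == "__main__":
    # Constructed sample: client 203.0.113.7, internal server 192.168.1.10.
    print(rule_from_port(b"PORT 203,0,113,7,19,137\r\n", "203.0.113.7", "192.168.1.10"))
```

The returned rule should be installed for a single connection and expire shortly after the control channel closes or the transfer completes.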


