Re: Network Firewall/Routing Solution

From: Marco Polo (MarcoPolo@bdku.com)
Date: 05/07/02


From: "Marco Polo" <MarcoPolo@bdku.com>
Date: Mon, 6 May 2002 22:27:01 -0500

Thanks!
"Berk S. Daemon" <someone@somewhere.com> wrote in message
news:NIHB8.34775$xS2.2646020@news1.calgary.shaw.ca...
>
> "Marco Polo" <MarcoPolo@bdku.com> wrote in message
> news:JdTA8.6240$Fr2.1578176@twister.kc.rr.com...
> > Hi, and thanks for the time you're taking to read my post. I am looking
> > for a good solution to route inbound and outbound traffic. I hate those
> > firewall combo boxes that Linksys sells, and I really don't want to run
> > software on every client. My approach is to have a computer stand between
> > the networks and route at the same time protecting the internal with a
> > firewall.
> >
> > I've used M$'s ISA Server 2000, and it works ok with the exception of
> > not working properly at all with multiple network cards. I'm still working
> > on a workaround. Might end up scripting configuration changes for the cards
> > to move all IPs to one card after getting DHCP information. I hate sticking
> > to M$ for this stuff, but I know very little about Linux, and I'd feel more
> > comfortable using an OS I know all about in a firewall.
> >
> > I will need to deal with inbound web and ftp requests from the internet
> > to four IPs (on four different network cards). It would be preferable to be
> > able to filter the connections that are established to these IPs for things
> > like Unicode and header information for http requests, and in the case of
> > ftp, the port command so I know what outbound connection to allow for
> > non-pasv connections. Based on the information gathered, the connections
> > should be redirected to an internal server, denied entirely, or used to make
> > a dynamic rule allowing an outbound connection from the ftp server. Logging
> > capabilities are a plus, as well as real-time alerts. The ability to pass
> > information about the alert to a script that could run a program or send an
> > email is something I'm looking for too. I also would like to have it proxy
> > web requests from the internal network to increase apparent speeds. I
> > assume I could probably just use BIND for forwarding and caching DNS
> > requests. It of course needs to support regular NAT clients, but as that is
> > a long standing standard, it probably isn't an issue. As I often use
> > NetMeeting, and plan to purchase a couple IP phones, the ability to act as
> > H.323 gatekeeper would be excellent.
> >
> > As always, scriptability, and expandability via plugins I'd make myself
> > is very important. This way, I'd be able to add in some of the features if
> > the firewall itself didn't have them.
> >
> > I realize none of you are obligated to reply or even read my post, so I
> > deeply thank those of you who can provide help, and suggest a solution that
> > might work for me.
> >
>
> Linux most certainly isn't the only solution and has its limitations too.

I realise Linux has limitations, like video drivers in particular, but I
think it would be fun to diversify, and learn more about different operating
systems.
>
> On the other hand, OpenBSD/FreeBSD/NetBSD would do all you want here and
> more! H323 proxying (if you decide to do NAT+Firewall) or the other option
> would be transparent bridging firewall on OpenBSD.
>
>
Again, thanks for your help.
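
The original question asks for a firewall that reads the FTP PORT command and uses it to create a dynamic rule for the non-PASV data connection. The sketch below is an added example, not part of the thread and not code from any product named in it; it shows the check a scripted plugin could make before opening such a rule. The function names, the rule dictionary layout and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): four address octets, then port high/low bytes.
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$",
    re.IGNORECASE,
)
FTP_DATA_PORT = 20  # source port the server uses for active-mode data connections


def parse_port_command(line):
    """Return (IPv4Address, port) announced by a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def dynamic_rule(line, client_ip, server_ip):
    """Return a one-shot outbound rule for this PORT command, or None to deny it."""
    parsed = parse_port_command(line)
    if parsed is None:
        return None
    ip, port = parsed
    # Only open a path back to the host that owns the control connection.
    # Any other address would let the client aim the server at a third party.
    if ip != ipaddress.IPv4Address(client_ip):
        return None
    # Refuse well-known ports as data-connection targets.
    if port < 1024:
        return None
    return {
        "action": "allow",
        "proto": "tcp",
        "src": (server_ip, FTP_DATA_PORT),
        "dst": (str(ip), port),
        "one_shot": True,  # remove the rule once the data connection is set up
    }


# Constructed sample control-channel line (documentation address ranges).
SAMPLE = "PORT 203,0,113,7,19,137\r\n"
```
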


