[3876] in linux-net channel archive
Again FIREWALL ????
daemon@ATHENA.MIT.EDU (System Administrator)
Fri Jul 26 18:57:40 1996
From: System Administrator <danny@ct-ngnet.army.mil>
To: "'Linux Net'" <linux-net@vger.rutgers.edu>,
"'Linux Newbie'" <linux-newbie@vger.rutgers.edu>
Date: Fri, 26 Jul 1996 13:03:02 -0400
Well here I am still analyzing and trying to figure out what to do next.
I have configured two NIC cards on the linux box. One of them is on my
secure network and the other is the path to the Internet. Now people gave
me good advice as far as setting up a proxy server and using the FWTK to do
so. I still have some unanswered questions and these are:
1. Do I have to have DNS running on my linux box on the protected network
side?
2. I have to know if there is a way to allow "secure" telnet, ftp access
to my internal or "secure" network. Is there some sort of program that
would have an allow or deny list I can put in so linux only allows the IP
addresses that I want through?
3. I have to use IP addresses from the allocated block that I was assigned,
so let's say I was assigned the class B block: 131.32
I would have to use 131.32.2.10 with a subnet of 255.255.0.0 and would not
be able to deviate from this.
Now being that my network coming off the router would be 131.32.0.0, I
still have (guidelines from the managers) to assign numbers in the class B
block to every node on the network, even to the ones on the "secure" side
of the firewall. Look at the diagram below.
(BIG I)  router 131.32.2.10 mask 255.255.0.0
------------[===]--------------------------------------------------->(1)
                        network 131.32.0.0

       NIC(1) 131.32.2.20 mask 255.255.0.0        NIC(2) 131.32.3.2 subnet???
(1)---------------------------------------->[====== Firewall ======]----------------------

That "subnet???" on NIC(2) is where I start to lose it. If I assign
255.255.0.0 I am telling linux that both networks are the same, so I will
have problems with this setup. On the other hand, if I use a different
subnet all the needed addresses will not be available to my internal
network.
As usual any help is appreciated...
-----------------------------------------------------------------
Daniel Maldonado                                  \|///
Systems Administrator                             < o )
Phone: 860-493-2781                               \\ ///
e-mail: danny@ct-ngnet.army.mil                   (   )
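Added example, not part of the original message and not the poster's
actual configuration: a Python script that takes the three addresses from
the message above and applies the (address AND mask) comparison the kernel
uses to decide which interface a destination is directly reachable through.
The interface names eth0/eth1, the test destination 131.32.3.50, and the
idea of trying the same mask on both NICs are assumptions for the
illustration. It shows why 255.255.0.0 on both NICs makes the two
interfaces claim the same network (131.32.0.0/16), and what 255.255.255.0
costs the inside network in addressable hosts.

```python
import ipaddress

# Addresses taken from the message above. The interface table built by
# firewall_config() is a constructed illustration of "same mask on both
# NICs", not the poster's real setup.
ROUTER = "131.32.2.10"
OUTSIDE_NIC = "131.32.2.20"
INSIDE_NIC = "131.32.3.2"


def same_network(addr_a: str, addr_b: str, mask: str) -> bool:
    """True if both addresses fall in the same network under `mask`.

    This is the check the kernel makes when deciding whether a destination
    is on a directly connected network: (addr AND mask) must be equal.
    """
    a = int(ipaddress.IPv4Address(addr_a))
    b = int(ipaddress.IPv4Address(addr_b))
    m = int(ipaddress.IPv4Address(mask))
    return (a & m) == (b & m)


def connected_networks(interfaces):
    """Map each (name, addr, mask) tuple to the IPv4Network it implies."""
    return {
        name: ipaddress.IPv4Interface(f"{addr}/{mask}").network
        for name, addr, mask in interfaces
    }


def route_lookup(interfaces, dst: str):
    """Longest-prefix match of `dst` against the connected networks.

    Returns the names of the winning interfaces. More than one name means
    the configuration is ambiguous: two interfaces claim the same network.
    """
    ip = ipaddress.IPv4Address(dst)
    best, winners = -1, []
    for name, net in connected_networks(interfaces).items():
        if ip in net:
            if net.prefixlen > best:
                best, winners = net.prefixlen, [name]
            elif net.prefixlen == best:
                winners.append(name)
    return winners


def firewall_config(mask: str):
    """Both NICs configured with the same mask, as in the diagram."""
    return [("eth0", OUTSIDE_NIC, mask), ("eth1", INSIDE_NIC, mask)]


def inside_hosts_addressable(mask: str) -> int:
    """Usable host addresses left on the inside NIC's subnet under `mask`."""
    net = ipaddress.IPv4Interface(f"{INSIDE_NIC}/{mask}").network
    return net.num_addresses - 2  # drop network and broadcast addresses


if __name__ == "__main__":
    for mask in ("255.255.0.0", "255.255.255.0"):
        cfg = firewall_config(mask)
        print(f"mask {mask}:")
        print("  NICs on same network:", same_network(OUTSIDE_NIC, INSIDE_NIC, mask))
        print("  route to 131.32.3.50 ->", route_lookup(cfg, "131.32.3.50"))
        print("  route to router      ->", route_lookup(cfg, ROUTER))
        print("  inside hosts left    :", inside_hosts_addressable(mask))
```

With 255.255.0.0 on both NICs the lookup for an inside host returns both
eth0 and eth1, which is the "both networks are the same" problem the
message describes. With 255.255.255.0 each destination maps to exactly one
interface, but the inside subnet 131.32.3.0/24 holds only 254 hosts; any
further /24s for the inside would need their own routes through the
firewall's inside interface.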