Hello once again! On Tue, May 18, 1999 at 09:24:45AM +0000, Graham Lillico +44 1785 782329 wrote: > Hi again, and Thanks for all the replys. > > Well this firewall is to sit between the internet and my network, > using a dialup connection for the time being but this will be > upgraded to a permanent connection in the near future. I am looking > at using ipchains to do the packet filtering and the internal network > is only going to need email and maybe web access.
Do you mean the firewall box only to act as a www, mail forwarder or will you be using it as mailserver as well? In that case, a decent mail transport system would be helpful :) You can also set the box up to act as a www caching proxy (it speeds web access quite a lot in some specific situations, like: most of the users browse mostly the same web pages and you have a _decent_ amount of RAM at the firewall box - probably 64 MEGs would be enough for a small server) Also having a nameserver set up locally is nice - you can set up names for your internal network and have it act as a dns forwarder/cache - and it does some boost if the client hosts are set up properly) Generally... your box seems more and more similar to my server at school :) > I have read the HOWTOs and other docs and I have decided that the best > solution to my situation will be a deny everything firewall and then just > explicity allow the services I require (i.e. smtp, www, etc). if it is not a gigantic (for me gigantic is more than some 100 hosts) local network then even more secure way may be having a masquerading host - in which case the clients on the local network are totally invislible directly to the outer world, but they may normally connect to the outer world. -- --------------------------------------------------- Marcin Owsiany [EMAIL PROTECTED] ---------------------------------------------------
