Hi,

>> for reference >>
>>The Cisco can only do the first of these.  (These methods can be used to
>>provide some level of security for your private networks, if properly
>>setup, but you haven't mentioned any requirement to do so.)

    This is exactly what we are trying to do.  The summary contains what each system
will have/or function.

    * The First Linux Box has the TIS Firewall Toolkit.
        - configured with TIS FWTK, ipfwadm, and monitoring scripts

    * The Second Linux Box was to act as a router as well as monitor/receive
      information about the First Linux Box.
      If a detection of an intruder is found on the First Linux Box, the Second
      Linux Box would deconfigure its interface and send a message to a
      technician that the firewall was breached.
        - configured with detection scripts and deconfiguration scripts

    So, I believe what you are saying is to use either SOCKS or TIS FWTK again on the
Second Linux Box?  Do we need to be using ipfwadm again on the Second Linux Box?  This
part does not quite make sense.  I was thinking that I would have to masquerade 2 times
(ipfwadm), but it looks like/and acts like the masquerading is garbling the translation.
Any information/directions would be greatly appreciated.  Thanks in advance.

Darren        [EMAIL PROTECTED]

>>> The following are the prior posts for reference.

Date: Wed, 10 Mar 1999 12:10:51 -0800
From: [EMAIL PROTECTED]
Subject: Re: Is this a valid layout

It's valid as long as the private addresses are somehow translated to
public ones before packets reach the Internet.  This can be done in a Cisco
router or in one of your Linux boxes.  Some of the mechanisms to do this
are:

* Network Address Translation

* A circuit layer proxy (such as socks)

* An application layer proxy

The Cisco can only do the first of these.  (These methods can be used to
provide some level of security for your private networks, if properly
setup, but you haven't mentioned any requirement to do so.)

Tony Rall



Darren Ehmke <[EMAIL PROTECTED]> on 03/09/99 08:28:33
    We are setting up a firewall and have run into a couple of difficulties with
routing and ipfwadm.  Something that I recently thought of was, we use 2 private
networks to accomplish the task.  Can 2 private networks be crossed to attain the
Internet?  The layout is below.
Thanks in advance.

                  Internet
                    \|/
                     |
              Cisco Router (ISP)
                     | 999.170.224.104  mask: 255.255.255.252
                     |
                     |
                     | 999.170.224.105  mask: 255.255.255.252
              Cisco Router (ours)
                     | 888.64.128.33    mask: 255.255.255.224
                     |
                     |
                     | 888.64.128.40    mask: 255.255.255.224
               First Linux Box
                     | 192.168.1.40     mask: 255.255.255.0
                     |
                     |
                     | 192.168.1.41     mask: 255.255.255.0
               Second Linux Box
                     | 10.60.1.41       mask: 255.255.0.0
                     |
                     |
                     |
                    /|\ 10.X.X.X        mask: 255.255.0.0
            Our Internal Network
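
The condition in Tony Rall's reply (private addresses must be translated to public ones before packets reach the Internet), modelled for the two Linux boxes in the diagram. This is an added example, not code from the thread; the internal host 10.60.5.20 and the outside address 198.51.100.40 are constructed stand-ins, since the post masks its public addresses.

```python
import ipaddress

# RFC 1918 private ranges; none of these may appear as a source on the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

# The two Linux boxes, inside to outside: (name, inside network, egress address).
# 198.51.100.40 is a constructed placeholder for the First Linux Box's outside
# interface (the post's 888.x address is masked and not valid IPv4).
HOPS = [
    ("Second Linux Box", "10.60.0.0/16", "192.168.1.41"),
    ("First Linux Box", "192.168.1.0/24", "198.51.100.40"),
]

def trace(src, masquerading):
    """Return [(hop name, source address leaving that hop)] for an outbound
    packet. `masquerading` is the set of hop names that rewrite the source."""
    seen = []
    for name, _inside, egress in HOPS:
        if name in masquerading:
            src = egress          # masquerade: source becomes the egress address
        seen.append((name, src))  # a box that only routes leaves the source as is
    return seen

def leaks_private(src, masquerading):
    """True if the packet reaches the Cisco router with an RFC 1918 source."""
    return is_rfc1918(trace(src, masquerading)[-1][1])

def return_routes_needed(src, masquerading):
    """Boxes that need a static route for replies, because the source they
    receive is not on their directly attached inside network."""
    needed, arriving = [], src
    for (name, inside, _), (_, leaving) in zip(HOPS, trace(src, masquerading)):
        if ipaddress.ip_address(arriving) not in ipaddress.ip_network(inside):
            needed.append(name)
        arriving = leaving
    return needed

if __name__ == "__main__":
    host = "10.60.5.20"  # constructed internal host
    for cfg in (set(), {"Second Linux Box"}, {"First Linux Box"},
                {"First Linux Box", "Second Linux Box"}):
        print(sorted(cfg), trace(host, cfg), "leaks:", leaks_private(host, cfg),
              "routes:", return_routes_needed(host, cfg))
```

In this model the outermost box is the one whose translation decides whether a private source reaches the Cisco router; a box further in that only routes shifts the work to a return route on the box above it.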






-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]