I want to set up our department firewall as a "packet filtering firewall"
and "application proxy server" so that I can block certain network
packets and log everything that people are doing.
Here is our situation:
Internet --- OSU/router --- gateway (xxx.xxx.67.1) --- Firewall --- WS/s
(real ip addresses)
Outside (xxx.xxx.133.1)
This is how I want to set it up. Please note that I don't have any control
over our default gateway because it doesn't belong to us and we have two
subnets, 67 and 133. Since we have two subnets, I guess I need to have
three ethernet cards on the firewall machine. -- ?
Anyway, I am following the firewall-HOWTO, ipchains-HOWTO, and other
firewall books and it shows well with an example of building a firewall for
home-based system:
having private LAN;
two ethernet cards on the firewall; eth0 - real ip; eth1 - 192.168.xxx.xxx
< -- I finished up to this point
making the firewall as gateway/proxy with ipmasq; < - I don't think I really
need this -- ?
firewall stuff with ipchains; < - right now studying ipchains rules
I am trying to see how everything would fit into our network. I just can't
figure out how I should make changes to our firewall. At this point, I
have set everything up to the arrow symbol.
In the past, I posted a question asking whether I could build a firewall not
as a gateway. It seems like most of the answers that I got were yes. I guess I
understand that it's not really necessary since all our WS/s have real ip
addresses and recognize the default gateway. But still all our WS/s have to
recognize that the firewall is also a gateway, wouldn't they -- ? so that the
packets that are going through can be blocked based on the ipchains rules. If
WS/s don't recognize the firewall as a gateway, then ipchains wouldn't
work, right - ?
Having said all of this, I just don't know what I need to do next.
I have been struggling with this for more than a month now and everything seems odd.
Any comment/suggestion would be great. Thank you very much.