At 07:57 PM 7/26/00 +0000, Chris Mason wrote:
>I don't want to FTP the data, I want to use it from the inside and the
>outside simultaneously.
>Besides, there will not be a machine outside the firewall. The firewall will
>NAT the internet feed.
>Everyone has jumped on me for putting data on the firewall, but no-one has
>really given me a concrete example of a better way to go. I need to stay
>with Linux open source solutions. My optimal solution might be to use a SSH
>tunnel to the data, wherever on the LAN it is. However, I don't actually
>know how to do that with a Windows client and a Linux firewall.
The latest version of Linux 2.2.x with the ipchains and ipmasqadm packages
should allow you to configure a setup that will work both inside and outside
your front-door firewall. Services like HTTP, SSH, Telnet, and FTP may be
configured for such access.
A screened sub-network firewall architecture would be best, assuming that
you have enough machines, placing the "data" on one of the DMZ servers.
Your Windows clients would be inside the inner "choke" firewall that protects
your private resources from the semi-public ones in the DMZ perimeter
network that is accessible from the public network through the outside
DMZ firewall machine.
Robert Ziegler's "Linux Firewalls" is but one source that has the details
needed to set this all up. Then there are the HOW-TOs for ipchains and
ipmasq. These point to countless free resources that provide practical
details as well as some of the theory. I also think that Chapman and
Zwicky's "Building Internet Firewalls" is excellent in explaining various
network topologies, their pros/cons, etc., from a more theoretical
perspective.