Jack,

Yes, your demands are very basic for a GNAT Box - I'm surprised GTA couldn't help - as far as I remember from earlier GNAT Boxes, this type of scenario is covered in the manual with examples.

Anyhow, you only need two network interfaces, although you might want to configure a third which is completely protected and isolated from the internet, where you can keep your management station, collect logs from the GB2000 etc. Configure 1 interface as "EXT", one as "PRO", and another as "PSN". The GB2000 will replace your Cisco router.

The EXT interface obviously goes to the public internet connection, and the PSN is where you put your servers. Give the EXT interface an address in your present "public" range, and the PSN an address in the range used by your servers. This will ensure you don't have to make changes to any of your connected equipment.

In the NAT section of your GB2000, create an alias for each device you want to connect to behind the firewall - give them names which begin with alias, so that you can distinguish between the alias and the real thing later when you come to set up filters. (E.g. create an alias called "Alias WWW", on interface "EXT" with the external (public) address of your web server.)

Now create inbound tunnels for each of the aliases to the device you want to connect to, for example, Tunnel Description "Access to web server", protocol TCP, from interface "Alias WWW" from port 80 to IP address 192.168.100.www (where www is the real address of your server) to port 80.

Now create a Remote Access Filter to allow this tunnel to be used. This will be something like:

type - Accept, Interface - EXT, Protocol - TCP, Source - ANY_IP, port(s) - leave blank, destination address - Alias WWW, port(s) 80.

You've now done everything that you need to allow port 80 traffic only to your web server. Obviously you may want to add multiple ports depending on what services are run on each server.

Hopefully this will get you started,

regards,

Brian Adams (Senior ICT Engineer)
NEELB - ICT Management Services

-----Original Message-----
From: Jack Evans [mailto:[EMAIL PROTECTED]]
Sent: 05 January 2005 03:01
To: [email protected]
Subject: [gb-users] Newbie needs help

I didn't get even close to the answers I needed in my first support call to GTA so I am hoping this group can help.

I just received a new GB 2000 and I need to set it up for a very basic (in my opinion) configuration. I can't get past the first step.

Currently I have a CISCO router configured with one interface to the public net, the other is to my internal network which is all 192.168.x.x. The CISCO is currently handling the NAT'ing using static NAT's (192.168.100.x = 64.58.110.x). All of the hosts behind the router are net servers (web, email, ftp, dns). (This is a colo rack, so there is not another network, i.e. workstations.)

Obviously I need public access to all the internet related services, and everything else should be blocked.

We plan on implementing the mail sentinel later but not until we get familiar with the basic configuration.

Is there a simple answer to how I configure the GB interfaces or a simple example?

TIA,
Jack Evans
[EMAIL PROTECTED]

------------------------------------------------------
To unsubscribe: [EMAIL PROTECTED]
For additional commands: [EMAIL PROTECTED]
Archive: http://archives.gnatbox.com/gb-users/
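
Added example, not part of the original e-mails and not GTA code: a small Python model of the alias, inbound tunnel and remote access filter chain described in the reply, with an audit that flags a tunnel no filter permits and a filter that accepts traffic no tunnel forwards. The addresses, the "Alias MAIL" entry, the port 443 filter and the default-deny evaluation are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample values: 203.0.113.x is a documentation range standing in
# for the public addresses; the 192.168.100.x host numbers are made up.
ALIASES = {"Alias WWW": "203.0.113.10", "Alias MAIL": "203.0.113.11"}

@dataclass(frozen=True)
class Tunnel:            # inbound tunnel: alias:port -> real server:port
    alias: str
    proto: str
    from_port: int
    to_ip: str
    to_port: int

@dataclass(frozen=True)
class Filter:            # remote access filter of type Accept on EXT
    proto: str
    dest_alias: str
    dest_port: int

TUNNELS = [Tunnel("Alias WWW", "TCP", 80, "192.168.100.10", 80),
           Tunnel("Alias MAIL", "TCP", 25, "192.168.100.11", 25)]
FILTERS = [Filter("TCP", "Alias WWW", 80),
           Filter("TCP", "Alias WWW", 443)]   # deliberate mismatch: no tunnel for 443

def route(proto, dst_ip, dst_port):
    """Return the (ip, port) a packet arriving on EXT is forwarded to, or None."""
    for f in FILTERS:
        if (f.proto, ALIASES[f.dest_alias], f.dest_port) == (proto, dst_ip, dst_port):
            break
    else:
        return None                       # no accept filter: assumed default deny
    for t in TUNNELS:
        if (t.proto, ALIASES[t.alias], t.from_port) == (proto, dst_ip, dst_port):
            return (t.to_ip, t.to_port)
    return None                           # accepted, but no tunnel to forward it

def audit():
    """List tunnels lacking a filter and filters lacking a tunnel."""
    t_keys = {(t.proto, t.alias, t.from_port) for t in TUNNELS}
    f_keys = {(f.proto, f.dest_alias, f.dest_port) for f in FILTERS}
    findings = [f"tunnel without filter: {k}" for k in sorted(t_keys - f_keys)]
    findings += [f"filter without tunnel: {k}" for k in sorted(f_keys - t_keys)]
    return findings

if __name__ == "__main__":
    print(route("TCP", "203.0.113.10", 80))
    print(route("TCP", "203.0.113.11", 25))
    for line in audit():
        print(line)
```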
