Hi List
 
Sorry this mail is a bit long, but it should be a simple problem. Here goes.
 
I have the Datastream teleworking service. 
(Just to be clear: this links two ADSL modems, one at home and the other at an office, over a sort of leased line, so that two networks can be connected transparently to each other. The ADSL modems for this purpose look like hubs at each end.)

At one end I can connect to the internet through so that I have a ppp0 interface to my ISP.

The setup looks something like this:

 

                                           <---HOME | OFFICE -->
                                                    |
                                                    |
 __________________________           PPTP          |
 |      |           |      |       _____|______ 192.168.2.x____________
 | eth1 |  FIREWALL | eth0 |------| ADSL Modem |----------| ADSL Modem |
 |______|___________|& ppp0|      |___home_____|    |     |___office___|
    |                                               |            |
192.168.1.x                                         |       192.168.2.x
____|____                                                   _____|_____
NETWORK A                                                    NETWORK B

 
 
On the firewall at home, my routing table looks like this:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.168.219 *               255.255.255.255 UH    0      0        0 ppp0
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
default         192.168.168.219 0.0.0.0         UG    0      0        0 ppp0

By setting the gateway on the hosts on Network A to the firewall eth1 address, and the gateway on the hosts on Network B to the firewall eth0 address, I have internet connectivity from both networks. The firewall is also acting as a DHCP server on both networks.

I am about to implement a set of iptables rules on the firewall to get a good level of security.

My question is this:
To have the same security on network B as network A, do I have to put another firewall after the ADSL modem at the office?
I have two lines of reasoning in my head:
One is that network B is not as secure as network A because it is 'in front of' the firewall.
The other is that Network B is just as safe because anyway any internet traffic must get routed through eth0, then ppp0, and therefore I can implement the same IPtables rules for routing from ppp0 to eth0 and eth1.
Which is the right one?

Also another quick question. I see no security problems with the Firewall being also a Samba server for net A and net B, as long as protected properly with the Iptables. Is this right?

Thanks

Steve
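
Added example, not part of the original message: a sketch of the ruleset the message describes, where only ppp0 is treated as the Internet side and eth0/eth1 are both internal. Interface names and subnets come from the message; the policy choices (default DROP, GRE allowed on eth0 for the PPTP tunnel, A and B allowed to reach each other, Samba ports 137-139/445) are assumptions.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for the firewall in the message.
# Interface names and subnets are from the message; the policy itself is an assumption.
WAN=ppp0                               # PPP link to the ISP
NET_A_IF=eth1; NET_A=192.168.1.0/24    # Network A (home)
NET_B_IF=eth0; NET_B=192.168.2.0/24    # Network B (office, via the ADSL link)

# Rules for the services the firewall itself offers to one internal network.
lan_services() {  # $1 = interface, $2 = source subnet
    # DHCP requests arrive from 0.0.0.0, so match on the interface only.
    echo "-A INPUT -i $1 -p udp --dport 67 -j ACCEPT"
    # Samba: NetBIOS name/datagram (UDP) and session/SMB (TCP), internal sources only.
    echo "-A INPUT -i $1 -s $2 -p udp -m multiport --dports 137,138 -j ACCEPT"
    echo "-A INPUT -i $1 -s $2 -p tcp -m multiport --dports 139,445 -j ACCEPT"
    # Internal hosts may open new connections to the Internet.
    echo "-A FORWARD -i $1 -s $2 -o $WAN -j ACCEPT"
}

gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    # Assumption: GRE (IP protocol 47) carries the PPTP tunnel from the home modem.
    echo "-A INPUT -i $NET_B_IF -p 47 -j ACCEPT"
    lan_services "$NET_A_IF" "$NET_A"
    lan_services "$NET_B_IF" "$NET_B"
    # The two internal networks may reach each other.
    echo "-A FORWARD -i $NET_A_IF -o $NET_B_IF -j ACCEPT"
    echo "-A FORWARD -i $NET_B_IF -o $NET_A_IF -j ACCEPT"
    # No rule accepts new traffic arriving on $WAN: it falls through to DROP.
    cat <<EOF
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
EOF
}
# Syntax-check without loading:  gen_rules | iptables-restore --test
```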