[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: best way to have an external firewall (not simple firewall)

To: misc@openbsd.org
Subject: Re: best way to have an external firewall (not simple firewall)
From: Chuck Yerkes <chuck+obsd@2004.snew.com>
Date: Wed, 18 Feb 2004 02:40:04 -0500
Content-Disposition: inline
References: <20040217193815.35953.qmail@web80810.mail.yahoo.com>
User-Agent: Mutt/1.4i

Quoting joe angth (joeangth@yahoo.com):
> hello all, i am trying to set up an external firewall,
> and i'm asking the best advice on how to do it.
> 
> Network config:
> 
> Internet -> ext-fw -> switch -> int-fw -> switch ->
> int
>                         ->server1
>                         ->server2
>                         ->etc
> 
> My question is this, is it easier/better to have
> ext-fw just be a firewalling bridge, or should i play
> with the routes and have it actually act like a
> router?, ie, pass all packets for everything else
> through, and then have it act as a gateway for all the
> servers and int network?

Pretty much that would depend on your environment, skills,
staff and needs. 

Common is a single bastion host with 3 (or more) interfaces,
(in/out/DMZ0[/dmz1[/dmz2]]).

We use a classic cheswick/bellovin DMZ, but we have 8 DMZs
with 50 machines and 20k employees.

Net -> router -> FW -> router -> FW2 -> internal networks
                 |->DMZ1
                 |->DMZ2
                 etc.

References:
- best way to have an external firewall (not simple firewall)
  - From: joe angth <joeangth@yahoo.com>

Prev by Date: Re: Replacement for XFree86...
Next by Date: Re: Soekris net4501 - repetitive reboots
Prev by thread: Re: best way to have an external firewall (not simple firewall)
Next by thread: Compiling kernel for addl. pcmcia support
Index(es):
- Date
- Thread