The answer is yes, you can use a firewall to protect your public
servers, but you do not need to use public addresses directly on the
servers:

+---------+
|  Cisco  |
+---------+
     |
+----------+
| Firewall |-------(Your public servers)
+----------+
     |
(Internal network)

You can use RFC 1918 numbers on your public servers and in the internal
network, then use NAT with a public address for each server. The
firewall will do the translation for you, and your internal network can
use the firewall's public address to access the Internet.

Hope it helps.

raymundo

Jon "GenKiller" Gaudette wrote:

Hello all,

I've set up a few Red Hat routers in my day, but have always had to set
them up so that one subnet was routing to another.  I could never
create a router where the router was just acting like a physical
switch, with the ability to filter out unwanted packets.  Is this
possible?

Here are the details:

Right now the servers on the inside of a gateway (cisco) get a public IP
address, and are able to "do their thing".  However, none of these
machines are protected with firewall software, and thus we have had many
(and I mean _many_) crackers get in, and ruin these servers.  I don't
want to have to make all these servers have internal IP addresses,
because doing that at this point would be a major overhaul.  My boss and
I are willing to do this, if we have to, but would rather the following
scenario:

We would like to add a Red Hat router/firewall physically in between the
gateway and the servers, that would allow for these machines to retain
their IP addresses, and allow us to block off all the ports except for
the ones that the servers use to serve their information to the
internet.

Thank you very much, I have searched google/google groups, and have come
up empty handed in both cases.  All your help is truly appreciated.

-Jon "GenKiller" Gaudette
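
The NAT layout suggested in the reply at the top of this thread, sketched as an added example that is not part of the original messages: a shell function that emits an `iptables-restore` ruleset with one-to-one NAT per public server and a default-drop forward policy. The interface names, addresses (documentation and RFC 1918 ranges), ports and the `gen_rules` name are all constructed assumptions.

```shell
#!/bin/sh
# Constructed placeholders: interface names, addresses and ports are assumptions.
EXT_IF=eth0              # towards the Cisco gateway
DMZ_IF=eth1              # towards the public servers
LAN_IF=eth2              # towards the internal network
LAN_NET=192.168.20.0/24  # internal network (RFC 1918)
FW_PUBLIC=203.0.113.2    # firewall's own public address (documentation range)
# One server per line: public address, RFC 1918 address, allowed TCP ports.
SERVERS='203.0.113.10 192.168.10.10 80,443
203.0.113.11 192.168.10.11 25'

gen_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo "$SERVERS" | while read -r pub priv ports; do
        # Inbound: rewrite the public address to the server's private one.
        echo "-A PREROUTING -i $EXT_IF -d $pub -j DNAT --to-destination $priv"
        # Outbound: the server's own connections keep its public address.
        echo "-A POSTROUTING -o $EXT_IF -s $priv -j SNAT --to-source $pub"
    done
    # The internal network shares the firewall's public address.
    echo "-A POSTROUTING -o $EXT_IF -s $LAN_NET -j SNAT --to-source $FW_PUBLIC"
    echo 'COMMIT'
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Management access from the internal side only (assumed: SSH on 22).
    echo "-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT"
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "$SERVERS" | while read -r pub priv ports; do
        # FORWARD sees packets after DNAT, so match the private address.
        echo "-A FORWARD -i $EXT_IF -o $DMZ_IF -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Internal hosts may open connections outwards; nothing new comes back in.
    echo "-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT"
    echo 'COMMIT'
}

gen_rules
```

As root, the output can be piped into `iptables-restore --test` to validate it before loading. The per-server public addresses must also be routed to the firewall or configured as aliases on its external interface.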

