No problem:

You're firewalling D using F.  Set up your wireless to use a different subnet
than your LAN.  Make E your default gateway and put A on the WAN side.  Put
D on the LAN side.  D may be unsafe, but D is what you are protecting from
the internet.  Be sure to add a rule that no traffic from A's subnet is
allowed through the firewall; only the gateway address E should be
accessible from D.

You might wind up with something like this:

      C
      |
      |
B-----E--+
      |  |
      |  |
      A  F--D

If A=192.168.1.0/24 and D=192.168.2.0/24
E=192.168.1.1 and F=192.168.1.2(WAN) 192.168.2.1(LAN)
D's Gateway=192.168.2.1
A's Gateway=192.168.1.1

You could even consider placing F on the DMZ of E using a secondary address
if the Symantec Firewall supports multiple DMZ addresses (most don't).
I would rather use MNF in place of the Symantec Firewall altogether and
configure three NICs with three subnets: LAN, DMZ, Wireless.

The way I have my network set up, the Wireless is trusted and directly
connected to the LAN.  The WAP uses MAC address filtering to control access,
along with 128-bit key codes.  Not the most secure, but the server doesn't
hold anything so critical that anyone would want to spend time trying to
break in from the inside.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stephan
Terblanche
Sent: Monday, December 13, 2004 6:44 AM
To: [EMAIL PROTECTED]
Subject: [Security Firewall] Custom network setup

Hi everyone,

I am new to the list, so forgive me if I make a slip-up or two.
I have a slightly different network requirement and was wondering if anyone
might be of assistance:

NETWORK A = Private
NETWORK B = DMZ
NETWORK C = ISP (Unsafe)
NETWORK D = Wireless Private (Unsafe)
Symantec Firewall = E
MNF 8.2 = F


      C
      |
      |
B-----E
      |
      |
      A-----F-----D

I want to know if it would be an issue setting up MNF in this fashion,
because the default route would need to point back into the safe network
(A) that connects them to the internet through (E).

Regards,
Stephan Terblanche
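
The filtering the reply describes for F, written out as an iptables-restore ruleset using the addresses given in the reply. This is an added example, not part of either message and not MNF's own configuration; the interface names (eth0 on the WAN side, eth1 on the LAN side) and the source NAT on F are assumptions.

```shell
#!/bin/sh
# Added example: iptables-restore ruleset for F, built from the addresses in the reply.
# Assumptions (not from the thread): eth0 = F's WAN side (A), eth1 = F's LAN side (D),
# and F source-NATs D so that E needs no route back to 192.168.2.0/24.
WAN_IF=eth0; LAN_IF=eth1
A_NET=192.168.1.0/24; D_NET=192.168.2.0/24
E_GW=192.168.1.1; F_WAN=192.168.1.2

f_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# F itself: loopback and replies only; open DHCP/DNS/SSH for D here if F serves them
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Replies to connections that D opened
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# D may talk to the gateway address E ...
-A FORWARD -i $LAN_IF -s $D_NET -d $E_GW -j ACCEPT
# ... but to nothing else on A's subnet (order matters: this follows the E rule)
-A FORWARD -i $LAN_IF -s $D_NET -d $A_NET -j DROP
# Everything else from D leaves on the WAN side, i.e. out through E
-A FORWARD -i $LAN_IF -o $WAN_IF -s $D_NET -j ACCEPT
# Nothing new from A's subnet is let through to D (explicit; the policy drops it too)
-A FORWARD -i $WAN_IF -s $A_NET -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -s $D_NET -j SNAT --to-source $F_WAN
COMMIT
EOF
}

f_ruleset   # prints the ruleset only; nothing is loaded into the kernel
```

To load it, pipe the output into iptables-restore as root on F, with IP forwarding enabled.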






