Internal Firewall


sgt_b
10-03-2002, 10:08 AM
Here's the idea. I need to put a firewall or packet filter to protect our LAN from our WAN. Circumstances beyond my control do not allow me to successfully implement security policy across our entire WAN. Our WAN has complete access to our LAN, but only really needs access to 2 or 3 servers.
So here's the design I have in mind.

[WAN]--><--[Router-10.10.10.1]--><--[External Interface on FW-10.10.10.2]--><--[Internal Int on FW-10.10.10.3]--><--[LAN-10.10.10.x]

Is the above situation feasible? I'd like to run IPTables on the FW (firewall) machine.
My big concern is routing. Would IP routing be an issue in this case? Would I run into any pitfalls in creating a firewall with both interfaces sitting on different sides of the same subnet?

Any ideas would be appreciated.
Thanks!