Mailing List Archive

Advice on network config (unix - linux and windows - mac)
I would like to set up a linux box as gateway - firewall and NAT (maybe DHCP too) for a network of SUN workstations, windows (98, XP, 2000) PCs and macs.

I don't care about win and macs' security but would like the SUN network to be as secure as possible. As I guess win can be easily compromised, or in our case untrusted
persons can have access to it, I thought of physically separating the unix network from the others by using 2 subnets (three network cards on the gateway). So having
two private networks, I can filter what goes from one to the other with the gateway's firewall (iptables in my case).

Is this the right way to do what I would like? Do you see any problem worth pointing out? Any recommendation would be welcome.

Thanks,
David Bourgeois
RE: Advice on network config (unix - linux and windows - mac)
INTERNET<--------------->FIREWALL<--------nated systems on private net
                            ^
                            |_______ DMZ

Firewall with 3 nic cards. Set it up with an iptables filtering firewall that
NATs all outgoing requests from your private network, and
filters/forwards incoming traffic to your DMZ. All attempts to connect to
your firewall are dropped and logged unless they are established
connections (returning NAT) or are a part of the forwarded DMZ, e.g. www.

http://www.e-infomax.com/ipmasq/howto/m-html/ipmasq-HOWTO-m.html

Ohh yea put those windows boxen on the net and you will be shot. I'm
tired of being probed by nimda and code red worms.

>
> I would like to set up a linux box as gateway - firewall and
> NAT (maybe DHCP too) for a network of SUN workstations,
> windoze (98, XP, 2000) PCs and macs.
>
> I don't care about win and macs but would want the SUN
> network to be as secure as possible. As I guess win can be
> easily compromised, I thought of physically
> separating the unix network from the others by using three
> network cards on the gateway. So having two private networks,
> I can filter what goes from one to the other with
> the gateway's firewall.
>
> Is this the right way to do what I would like? Any
> recommendation would be welcome.
>
> Thanks,
> David Bourgeois
>
>
>
Advice on network config (unix - linux and windows - mac)
I would like to set up a linux box as gateway - firewall and NAT (maybe DHCP too) for a network of SUN workstations, windoze (98, XP, 2000) PCs and macs.

I don't care about win and macs but would want the SUN network to be as secure as possible. As I guess win can be easily compromised, I thought of physically
separating the unix network from the others by using three network cards on the gateway. So having two private networks, I can filter what goes from one to the other with
the gateway's firewall.

Is this the right way to do what I would like? Any recommendation would be welcome.

Thanks,
David Bourgeois
Re: Advice on network config (unix - linux and windows - mac)
On Mon, 14 Oct 2002, David Bourgeois wrote:

> I would like to set up a linux box as gateway - firewall and NAT (maybe
> DHCP too) for a network of SUN workstations, windows (98, XP, 2000) PCs
> and macs.
>
> I don't care about win and macs' security but would like the SUN
> network to be as secure as possible. As I guess win can be easily
> compromised, or in our case untrusted persons can have access to it, I
> thought of physically separating the unix network from the others by
> using 2 subnets (three network cards on the gateway). So having two
> private networks, I can filter what goes from one to the other with the
> gateway's firewall (iptables in my case).
>
> Is this the right way to do what I would like? Do you see any problem
> worth pointing out? Any recommendation would be welcome.
>
> Thanks,
> David Bourgeois

You should have security for the windows/mac on the firewall itself.
If you can, get a mail filter to remove some of the problems with security
in windows.

Your idea is sound, but don't forget to treat traffic coming from the
mac/win part as being traffic from the internet (and vice-versa).

Also make sure that the physical network is distinct (e.g. 1 network card
for the sun network, 1 for internet, 1 for win/mac).
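The two replies above describe the same design from different angles: a three-NIC iptables gateway that masquerades outbound traffic, logs and drops unsolicited connections to the firewall itself, and treats the win/mac segment exactly like the internet when its packets head for the SUN segment (and vice-versa). The script below is an added example written for this archive, not code from either poster. It generates the ruleset rather than applying it, so it can be read and checked before being run as root; the interface names (eth0/eth1/eth2), the two private prefixes, and the log prefixes are assumptions to be adjusted for the actual hosts. It uses the conntrack match, which is the current spelling of the `-m state` match in use when the thread was written.

```shell
#!/bin/sh
# Three-NIC gateway ruleset generator (added example; not from the thread).
# Assumed interface names and private subnets; adjust to your hosts.
WAN_IF="${WAN_IF:-eth0}"          # to the Internet
SUN_IF="${SUN_IF:-eth1}"          # trusted SUN workstation segment
WINMAC_IF="${WINMAC_IF:-eth2}"    # untrusted Windows/Mac segment
SUN_NET="${SUN_NET:-192.168.1.0/24}"
WINMAC_NET="${WINMAC_NET:-192.168.2.0/24}"

# gen_rules prints the iptables commands; pipe into sh (as root) to apply.
gen_rules() {
  cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# loopback and replies to connections the gateway itself opened
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# anti-spoofing: each private prefix may only arrive on its own NIC
iptables -A FORWARD -i $WAN_IF -s $SUN_NET -j DROP
iptables -A FORWARD -i $WAN_IF -s $WINMAC_NET -j DROP
iptables -A FORWARD -i $SUN_IF ! -s $SUN_NET -j DROP
iptables -A FORWARD -i $WINMAC_IF ! -s $WINMAC_NET -j DROP
# replies to outbound connections from either segment
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# both segments may open connections to the Internet (masqueraded below)
iptables -A FORWARD -i $SUN_IF -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $WINMAC_IF -o $WAN_IF -j ACCEPT
# win/mac -> sun is treated like internet -> sun: new connections are logged, then dropped
iptables -A FORWARD -i $WINMAC_IF -o $SUN_IF -m conntrack --ctstate NEW -j LOG --log-prefix "FW-WINMAC2SUN: "
iptables -A FORWARD -i $WINMAC_IF -o $SUN_IF -j DROP
# sun -> win/mac gets the same treatment (vice-versa); add ACCEPT rules for specific services above these
iptables -A FORWARD -i $SUN_IF -o $WINMAC_IF -m conntrack --ctstate NEW -j LOG --log-prefix "FW-SUN2WINMAC: "
iptables -A FORWARD -i $SUN_IF -o $WINMAC_IF -j DROP
# anything else aimed at the gateway itself is logged, then dropped by the INPUT policy
iptables -A INPUT -j LOG --log-prefix "FW-INPUT-DROP: "
# masquerade (NAT) both private segments behind the WAN address
iptables -t nat -A POSTROUTING -o $WAN_IF -s $SUN_NET -j MASQUERADE
iptables -t nat -A POSTROUTING -o $WAN_IF -s $WINMAC_NET -j MASQUERADE
EOF
}

# count_rules_for prints how many generated lines contain a pattern (self-check helper)
count_rules_for() {
  gen_rules | grep -c -- "$1"
}

# usage: sh gateway-rules.sh --print > rules.sh && sudo sh rules.sh
if [ "${1:-}" = "--print" ]; then
  gen_rules
fi
```

The ordering matters: the anti-spoofing drops sit before the ESTABLISHED,RELATED accept so a forged source on the wrong NIC never matches an existing flow, and the per-segment LOG rules sit before their DROP so every new cross-segment attempt leaves a kernel log line with a prefix that identifies the direction.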