Hello, I wonder what is the best solution for security in this ascii-art network:

                      [router]
                         |
                        [ ]
                         |
    +--------------|-------------|----....----|
    |              |             |            |
    [server]      [PC]          [PC]         [PC]

The topology is untouchable: this is a marketing request. In the empty space I put my firewall: a filter and proxy (squid) server, Debian potato with kernel 2.2.19, built with ipchains. It seems a good solution to me.

The trouble is a pre-imposed NAT table in the router: the unique external IP is remapped to the internal address of the server. I don't know how to tell the router 'route add default gw firewall'... and my manager said: "the router is preferably not to be modified". So I thought:

First solution: to make the firewall a bridge for incoming connections to the server, and a normal filter+proxy for outgoing ones. It seems not so good to me.

Or: to make the firewall use a 2.4.5 kernel, and use iptables NAT to redirect in some way the router --> server connection. I think (but I'm not sure) it should work. It costs me a lot to upgrade to iptables.

What do you suggest?

Thanks!, Marco

--
Marco Tassinari
+039 328 1187801
mailto:[EMAIL PROTECTED]
http://www.taffi.it