Re: network architecture question

2018-10-03 Thread Aham Brahmasmi
Hi Ingo, Thank you for your response. > i mostly learn by reading reference manuals, standard documents, > and source code. I try to too, but with limited successes. So topology and other higher order concepts are out of my competency area, and hence my question. > I mentioned it to show that t

Re: network architecture question

2018-10-03 Thread Aham Brahmasmi
Hi Tom, > The book of PF by Peter M Hansteen is very good, and openBSD Specific > Building Internet firewalls is good also ... Building internet > firewalls book can > be a bit verbose atimes... but it does go through things in detail... Thank you for your recommendation. I apologize for my inco

Re: network architecture question

2018-10-02 Thread Ingo Schwarze
Hi, Aham Brahmasmi wrote on Mon, Oct 01, 2018 at 11:27:09PM +0200: > Would you recommend any other books in addition to "Building Internet > Firewalls"? I'm usually not very good at recommending books, i mostly learn by reading reference manuals, standard documents, and source code. It is mere c

Re: network architecture question

2018-10-02 Thread Stuart Henderson
On 2018-09-14, Marko Cupać wrote: > Hi, > > for years I have been using setup with two firewalls: "outer" one - > FW1-BGP - connecting to upstream ISPs and talking BGP to them regarding > my DMZ, and "inner" one - FW2-NAT, doing NAT for my LAN. > > ISP1 ISP2 > \ / >[FW1-BGP] >

Re: network architecture question

2018-10-01 Thread Tom Smyth
Hello Aham, The book of PF by Peter M Hansteen is very good, and openBSD Specific Building Internet firewalls is good also ... Building internet firewalls book can be a bit verbose atimes... but it does go through things in detail... regarding BGP ... https://www.ssi.gouv.fr/uploads/2016/03/bgp-c

Re: network architecture question

2018-10-01 Thread Aham Brahmasmi
Hi Ingo, Thank you for sharing your experience and insight. > This is discussed in very great detail, covering several chapters, > in the fundamental book by Elizabeth D. Zwicky, "Building Internet > Firewalls" (O'Reilly 2000). While in that book, lots of information > about specific services is

Re: network architecture question

2018-10-01 Thread Ingo Schwarze
Hi Marko, sorry for the slow response, but given that nobody else answered, maybe it's still relevant. Marko Cupac wrote on Fri, Sep 14, 2018 at 02:45:30PM +0200: > for years I have been using setup with two firewalls: "outer" one - > FW1-BGP - connecting to upstream ISPs and talking BGP to them

network architecture question

2018-09-14 Thread Marko Cupać
Hi, for years I have been using setup with two firewalls: "outer" one - FW1-BGP - connecting to upstream ISPs and talking BGP to them regarding my DMZ, and "inner" one - FW2-NAT, doing NAT for my LAN. ISP1 ISP2 \ / [FW1-BGP] | (DMZ) | [FW2-NAT] |