
Thread: Network Setup Question - Firewall Implementation

  1. #1
    Senior Member
    Join Date
    Aug 2001
    Posts
    356

    Network Setup Question - Firewall Implementation

    I figured I would post this question. Everyone usually seems more than happy to share their opinions on this board.

    I have a Windows 2000 Web Server, and a Windows 2000 DNS server. I am on a DSL connection and will be purchasing static IP addresses from my provider. The reason I have this setup is obviously I would like to do some web hosting through my DSL connection. Currently my setup is like so:

    DSL Modem -> 5 Port Hub -> The 2 servers plugged into hub, each have own static IP addresses assigned by DSL provider.

    I would like to have some kind of hardware firewall. I was just wondering if you guys could let me know what my options are. Would buying a router with a built-in firewall be a good idea? For example, if I bought the router and set up the network like this:

    DSL Modem -> Router (with built in firewall) -> The Servers

    It seems kind of weird to go purchasing a router just for its firewall though. Any other options? Any firewall recommendations, or network setup recommendations would be greatly appreciated. Price isn't a factor. Thanks!

    Jared
    An Ounce of Prevention is Worth a Pound of Cure...
     

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    371

    Firewall Question

    I have used an appliance firewall from www.intrusion.com (one of the PDS series). They are pretty good.

    You can use a checkpoint management console to set the rules on it. You can also set routes on the firewall itself, and it is relatively cheap ($3500AU).

    I think that it is good for about approx 50 users on a T1 connection.

    May be an option.
    SoggyBottom.

    There were so many fewer questions when the stars were still just the holes to heaven - JJ
    I sure could use a vacation from this bull$hit, three ringed circus side show of freaks. - Tool.

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    I feel like I keep writing the same answer..

    It's not hardware but it's really good. All you need is a lil' PC (maybe a 486 DX4-100, 500 MB hdd, 32MB RAM, two NICs)

    Go to www.clarkconnect.org and check out the gateway. It's simple, effective, and quite nice. Very little, if any administration.

    It's a 100 MB install, so it's small. It's got NAT, firewall, webcache, etc. plus they have a cool DNS service.

    P.S. It's free!!

    my 2 cents.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    244

    Re: Network Setup Question - Firewall Implementation

    Originally posted by jared_c
    I figured I would post this question. Everyone usually seems more than happy to share their opinions on this board.

    I have a Windows 2000 Web Server, and a Windows 2000 DNS server. I am on a DSL connection and will be purchasing static IP addresses from my provider. The reason I have this setup is obviously I would like to do some web hosting through my DSL connection. Currently my setup is like so:

    DSL Modem -> 5 Port Hub -> The 2 servers plugged into hub, each have own static IP addresses assigned by DSL provider.

    I would like to have some kind of hardware firewall. I was just wondering if you guys could let me know what my options are. Would buying a router with a built-in firewall be a good idea? For example, if I bought the router and set up the network like this:

    DSL Modem -> Router (with built in firewall) -> The Servers

    It seems kind of weird to go purchasing a router just for its firewall though. Any other options? Any firewall recommendations, or network setup recommendations would be greatly appreciated. Price isn't a factor. Thanks!

    Jared
    Not weird at all, I did buy an xDSL router for my Win 98SE machine. I already had Norton Personal Firewall 2001 installed. Greetings, kadeng
    I'm gone, thx everyone for so much fun and good info.
    cheers and good bye

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    KorpDeath, Thanks for the suggestion..

    However, I am trying to stay away from a Linux solution. The only reason why is because I don't know enough about Linux. I would love to get into it in the future, but if disaster struck I wouldn't have the knowledge to fix the problem.

    That's why right now I have a Windows 2000 network going. Thanks for the suggestion though. Maybe one of these days. :-)

    Anybody else have some good hardware firewall suggestions?
    An Ounce of Prevention is Worth a Pound of Cure...
     

  6. #6
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628

    really?

    Interesting. There is nothing really to "know" when it comes to that solution. If you wipe the machine just keep the diskette around and reload. On my DSL it takes about 3.5 minutes to totally reload.

    But I understand if Linux is scary to someone who isn't familiar with it.

    Peace.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    I agree with KorpDeath...however, I would use FreeBSD or OpenBSD instead of Linux. It really is not that hard if u force yourself to use it. And this would be a perfect time to 'force' the issue.

    However, I have a lot of experience with firewalls (it's my job) and there are some pretty good ones out there. Checkpoint (obviously) running on an Intrusion.com appliance or a Nokia appliance, but these will more than likely be too expensive for personal use, as would SonicWall or Watchguard. I would go for something like a D-Link or Linksys firewall/router, but keep in mind some functionality may be limited. Read the specs and determine what you are trying to do before you buy it.

  8. #8
    Senior Member
    Join Date
    Aug 2001
    Posts
    356
    iNViCTuS, Thanks for replying.

    Actually that is what I was thinking about doing. Getting a Linksys Router. But I'm not really sure how I would go about using it. Tell me if this makes any sense.

    Would I be able to set it up like so:

    DSL Modem -> (WAN IN) Linksys Router -> 2 Servers

    Now if I gave the Router and the 2 Servers each an assigned IP Address from the provider, would the router be acting as a firewall for the 2 servers?

    The reason I ask is because I have used a Linksys Router as a gateway for my Internal Network to use 1 IP Address for internet Access, and it worked pretty well.

    But in this case I wouldn't be using it to share an IP Address, each server will still have their own IP Addresses, so what I'm wondering is if the firewall will still be functioning the same. Also I guess I wouldn't use that Router's IP as a gateway since each server already has their own Internet Connected IP.

    Wow that is really jumbled up. Just the whole concept of using the router for only a firewall is throwing me off a little since I used it for something totally different last time.

    Can someone tell me if I am thinking sanely? And let me know if this setup sounds legit? Thanks.
    An Ounce of Prevention is Worth a Pound of Cure...
     

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Hopefully I can sort this one out

    From what I understand, before you were given a single IP address and had to share that for your entire network. This is known as PAT (port address translation) or, as Checkpoint calls it, Hide NAT.

    Now you have multiple public IP addresses and you want to use them for your router and each of your servers. This can get a little tricky, because you will need a firewall that can do Static (one-to-one) NAT. Which means on your LAN the server would have a private IP address (192.168.x.x or something), but people outside the network would see it as a public IP address, so the firewall is translating the address for you. Many small firewalls will not do this well, especially if you have more than one server. However, there is another option. Your ISP might be able to assign you another routable network so that you have 2 separate network ranges and then you could do something like this:

    Internet-->DSL modem--'network A'-->firewall--'network B'-->Internal servers

    I know it can be a bit confusing. Another option is to use another machine outside the firewall to do the NAT for you. Unfortunately, you might be going back to the *nix scenario again though.

    There are some other options that would also work, but I will let you digest these first. In the meantime, if you or anyone else would like me to explain this further, please email me directly or reply to this post and I will do what I can to help.
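
The difference between Hide NAT (PAT) and static one-to-one NAT described in post #9, as an added example that is not part of the original thread or any poster's own code: a small Python model of a gateway that does both and filters inbound traffic. All addresses, the port numbers in the allow list and the names `Gateway`, `STATIC_NAT` and `ALLOW_IN` are assumptions made for illustration.

```python
"""Model of Hide NAT (PAT) versus static one-to-one NAT on a gateway firewall.
All addresses are constructed samples (RFC 5737 / RFC 1918 ranges)."""

PUBLIC_GW = "203.0.113.2"            # gateway's own public address (used for hide NAT)
STATIC_NAT = {                       # public address -> private server (one-to-one)
    "203.0.113.3": "192.168.1.10",   # web server
    "203.0.113.4": "192.168.1.11",   # DNS server
}
ALLOW_IN = {                         # inbound filter (assumed policy): host -> (proto, port)
    "192.168.1.10": {("tcp", 80)},
    "192.168.1.11": {("udp", 53), ("tcp", 53)},
}


class Gateway:
    def __init__(self):
        self.pat = {}                # (proto, public_port) -> (private_ip, private_port)
        self.next_port = 40000

    def outbound(self, proto, src_ip, src_port):
        """Translate an outgoing connection and return its public (ip, port)."""
        for pub, priv in STATIC_NAT.items():
            if priv == src_ip:       # statically mapped hosts keep their own public IP
                return pub, src_port
        port, self.next_port = self.next_port, self.next_port + 1
        self.pat[(proto, port)] = (src_ip, src_port)   # hide NAT state entry
        return PUBLIC_GW, port

    def inbound(self, proto, dst_ip, dst_port):
        """Return the private (ip, port) a packet reaches, or None if dropped."""
        if dst_ip in STATIC_NAT:     # one-to-one NAT, then the filter rule decides
            priv = STATIC_NAT[dst_ip]
            allowed = (proto, dst_port) in ALLOW_IN.get(priv, ())
            return (priv, dst_port) if allowed else None
        if dst_ip == PUBLIC_GW:      # hide NAT: only replies to existing state get in
            return self.pat.get((proto, dst_port))
        return None                  # not an address this gateway answers for
```

With hide NAT alone, an unsolicited connection to the shared public address has no state entry and is dropped, which is why hosting servers behind the gateway needs the static mappings plus an explicit allow rule per service.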

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
