FC as network firewall.

Rodolfo J. Paiz rpaiz at simpaticus.com
Wed Jan 26 20:42:17 UTC 2005


On Wed, 2005-01-26 at 19:40 +0100, Franco wrote:
> Hi, what I need is this:
> I have a Cisco router and 8 servers with 8 public IPs;
> now I need a firewall, and I want to set up a Linux server
> as a firewall to filter all incoming traffic from the router and
> pass it to the servers if the firewall policy has passed.
>
> What I need to know is how I can set up the Ethernet card
> to use it as a firewall-gateway for my public LAN.
> Best regards.
> 

All you need is to set up the Linux system with *two* Ethernet cards
(not one, as your text seems to suggest) connected this way:

Cisco <---> Linux firewall <---> Ethernet Switch <---> Servers

Once you have both Ethernet interfaces, Shorewall has NAT and
masquerading abilities that are more than ample for your needs. I do
this kind of thing quite frequently.

However, as some other poster pointed out, this sounds very much like a
system on which your business will depend; and that makes the cost of
any mistakes, or downtime, or a cracked firewall, much higher (perhaps
more than you can afford).

Are you sure you want to set this up as your first project? Perhaps you
would be well advised to set up a test system or three, get to know the
software involved, and understand the material better before you go
"live"?

Also, is there a reason you are using such a powerful box for your
firewall? You have 2,700 MHz and probably don't need more than 200 MHz;
and you have 768MB of RAM where at most you likely need 64MB. I don't
suggest that you *must* use old and underpowered hardware! I simply
would like to be sure that you are not under the opposite mistaken
impression (i.e. that you actually need this much power).

Cheers,

-- 
Rodolfo J. Paiz <rpaiz at simpaticus.com>
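
Added example (not part of the original message, and not Shorewall's shipped sample): a minimal Shorewall configuration for the two-interface layout described above, with one-to-one NAT and a default-deny inbound policy. The interface names, every address, the admin host and the opened ports are assumptions, and the column layout follows current Shorewall releases, so older releases may differ.

```text
# /etc/shorewall/shorewall.conf (relevant setting only)
IP_FORWARDING=On

# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4

# /etc/shorewall/interfaces
# eth0 faces the Cisco router, eth1 faces the switch and servers (assumed names)
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0        tcpflags,nosmurfs,routefilter
loc     eth1        tcpflags,nosmurfs

# /etc/shorewall/policy
# Servers may open outbound connections; unsolicited inbound traffic is
# dropped and logged unless a line in the rules file allows it.
#SOURCE DEST    POLICY  LOGLEVEL
loc     net     ACCEPT
$FW     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info

# /etc/shorewall/nat
# One-to-one NAT: one line per server (constructed addresses).
#EXTERNAL       INTERFACE   INTERNAL    ALLINTS  LOCAL
203.0.113.11    eth0        10.0.0.11   no       no
203.0.113.12    eth0        10.0.0.12   no       no
# ...the remaining six servers follow the same pattern

# /etc/shorewall/rules
# Open only the service each server has to expose. DEST is the internal
# address, because the NAT translation happens before the rule is matched.
?SECTION NEW
#ACTION SOURCE          DEST            PROTO   DPORT
ACCEPT  net             loc:10.0.0.11   tcp     80,443
ACCEPT  net             loc:10.0.0.12   tcp     25
# SSH to the firewall itself only from one assumed admin host
ACCEPT  loc:10.0.0.250  $FW             tcp     22
```

Running `shorewall check` validates the files without touching the running ruleset, which fits the advice above about testing before going live.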



