I need to construct 2 separate firewalls to protect two separate local
class C networks connected to the Internet. The machines inside each
net have to have transparent access to the machines on the other net
for program calls. The machines are being used in process control and
the machines must be able to tell each other what to do. Port numbers
are hard coded in the software, portmapper will not be used. In
addition, some selected other machines will need relatively easy
access to the internal nets for telnet and ftp. Most other services
will be turned off, daemons not run, no-opted out of /etc/services, et
cetera. And finally, each class C net and router must be portable in
that the setup will be periodically moved to other locations around
the world and plugged back into the net.

What I'm looking for is recommendations for routers that can filter
both by source/destination IP addresses and source/destination ports.
The activity is a research project that's not terribly well funded
(despite my return address, the NASA support is almost nil), and I'm
trying to keep the costs of the routers as low as possible. Any
suggestions you might have will be very much appreciated.
-- Rob Tanner