On Wed, 5 Nov 1997, Vik Varma wrote:
> > Hello Sirs!
> >
> > We have a class `C` internet address space at our disposal. I want to
> > split it into two subnets and connect them using a firewall. I want to keep
> > important systems like DNS and MAIL server on the subnet outside the firewall,
> > which will have direct internet access. Hosts inside the firewall should have
> > internet access for all applications, whereas internet hosts should be
> > prevented from accessing hosts on the subnet inside the firewall. MAIL server
> >
> > Does anybody know how to configure linux FWTK for this setup?
>
> Is there a reason you want a valid class C address space inside your firewall?
> Why not just use one of the private class C addresses specified in RFC 1918?
> This is typically what you want to do, using the firewall box as your gateway to
> the world and have it perform NAT (via proxies) on all external services.
>
> --
> Vik Varma VeriSign, Inc
> System Administrator (650) 429-3352
> Operations, Information Systems Vik . Varma @ verisign . com
>
Thanks for the reply, sir!
Actually, I don't want to use NAT, as it consumes more time for each packet.
I want to have a simple filter which takes forwarding decisions based
on IP address only, and it should not go for NAT.
Is there any such firewall software available?