> Hi MacGyver!
>
> On 6 Feb 98 at 22:02, MacGyver wrote:
>
> > >What I am looking for is some good resources I can review for detailed
> > >plans about setting up and installing a LINUX firewall option.
> > >
> >
> > You mentioned MSProxy. If all you need to do is to give your users access to
> > things like WWW and Email, and you don't need to worry about anything coming
> > *INTO* your network from the Internet (or whatever external network you're
> > connecting to), I'd suggest Linux IP-Masquerading. What this does is
>
> Is Masquerading secure?
As long as your firewall cannot be compromised, then MASQUERADING is one of the most secure solution, provided you don't care if your internal users have unlimited access to the net.
Note that your firewall must ignore any and all source-routed packets.
Note also that your internal machines won't be accessible from the net, so you can't have any server inside. Also, a few applications may break and/or loose some performance (Realaudio will use TCP connection from the user, FTP transfers must be passive, etc...)
--
Christophe Dupre
Analyste de systemes,
RISQ inc. ;-)
1801 McGill College, suite 800 Tel: (514) 840-1235, ext 6971
Montreal, QC CANADA FAX: (514) 840-1244
"Nous ne sommes pas libres de ne pas etre libres, nous sommes obliges de
l'etre" - Fernando Savater
#include <disclaimer.h>
References:
|
|
