Hi there,

I am busy connecting our company to the Internet. Therefore I set up a
computer with LINUX on it. The LINUX machine is intended to be used as an
Internet server and as a gateway between the Internet and our LAN. This
machine contains two Ethernet cards.

One Ethernet card is connected to a router which is connected to our
Internet provider through a leased line (V.35). The other Ethernet card
connects the gateway/Internet server to our LAN. A firewall will be running
on the gateway computer (LINUX).

The drawing below shows our current situation.

<->: Incoming/Outgoing        <-> SMTP   \
-->: Incoming                 <-> WWW     |--> Proxies
<--: Outgoing                 <-> FTP     |
                              <-- Telnet /

+----------+      +--------+                        +---------+
| Internet |------| Router |--------+     +---------|   LAN   |
+----------+      +--------+        |     |         +----+----+
                                    |     |              |
                                    |     |        +-----+-----+
                                  +---------+      |   Mail    |
                                  | Gateway |      |  server   |
                                  | (LINUX) |      | (Mercury) |
                                  +---------+      +-----------+

I want to set up an FTP and WWW server. Users from the Internet and our LAN
will have to connect to these services. E-Mail from the Internet will be
delivered (SMTP) through the gateway by sendmail to the mail server
(Mercury). The mail server transports the mail to the correct users. E-Mail
to the Internet will be delivered to the gateway by the mail server
(Mercury). The gateway (sendmail) delivers the E-Mail to the Internet.

Besides E-Mail I want to give the users (monitored) Internet access (FTP,
Telnet, WWW) from terminals (Netware clients) inside the LAN.

I have a couple of questions about this configuration.

1. Where should I put our FTP and WWW services? I intend to place the FTP
   service on the gateway while FTP provides its own security features
   (running ftpd in a limited directory space using chroot()). The WWW
   service is placed on a separate machine.

   If I place the services between the router and the gateway
   (demilitarized zone) the services do not benefit from firewall
   protection; only our LAN does.

   If I place the services on the gateway/firewall computer the services
   are vulnerable to attack and make the gateway/firewall untrustworthy.

   If I place the services inside the LAN I must provide secure proxies to
   give Internet users access to our services. Doing this makes our LAN
   vulnerable to attack.

2. Where can I find a good firewall package? The firewall will run on our
   gateway. I need to set up some proxies for the services I mentioned
   (SMTP, FTP, WWW, Telnet). I also want to keep track of the activities of
   the users in our LAN (logging, download limitation, etc.). I read about
   the 'Firewall Toolkit' and 'SOCKS'. Are these packages good enough and
   are there any other good solutions?

3. How can I test the security of the firewall? Once I have installed the
   firewall on the gateway computer, how can I test if it is secure? Are
   there any pitfalls I have to be aware of?

4. Does somebody have good recommendations about books describing how to
   connect to the Internet using LINUX?

If there are any questions regarding the description of the situation please
feel free to ask. I really want to learn from this discussion. Thanx in
advance for all of your help.

                         '''
                        (O O)
+--------------------oOO-(_)-OOo-----------------------------------------+
| Private:                        | Business:                            |
| Erik Hoitinga                   | SE Software Engineering              |
| Mr. Sickeszlaan 37              | Treubstraat 1h                       |
| 3571 ST Utrecht                 | 2288 EG Rijswijk                     |
| The Netherlands                 | The Netherlands                      |
| Tel. 030-714573                 | Tel. 070-3907683 Fax. 070-3954224    |
+---------------------------------+--------------------------------------+
|               When everything else fails. . . . Kick !!                |
+------------------------------------------------------------------------+
| Private E-Mail:    ehoiting @ inter . nl . net                         |
| Business E-Mail:   ehoiting @ se-rijswijk . nl                         |
| Postmaster E-Mail: postmaster @ se-rijswijk . nl                       |
+------------------------------------------------------------------------+