Cisco Router/OpenBSD router firewall setup


Post by Mik » Fri, 04 Apr 2003 13:45:52



I have the following network and I was wishing some comments on its IP schema.
The IPs (except for office and DMZ) correspond to NICs as well as an outside IP for a serial card on a Cisco router.

Internet ISP Gateway [x.x.x.d1]

|
---> Cisco Router [x.x.x.d2 (outside IP) | y.y.y.d1 (inside IP)]

|
---> OBSD FW [y.y.y.d2 (out IP) | (192.168.1.1, 192.168.2.1) (2 in IPs)]

|
---> (192.168.1.x (DMZ), 192.168.2.x (office) ]

That is, the OBSD takes the Ethernet connection from the Cisco router and communicates with 2 sub-networks. The x.x.x and y.y.y are Internet addressable IPs.

Should I consider using only the outside IP address of the Cisco router as the only internet addressable address in such a system and if so, how do I go about assigning IPs in the network which would be more apt? My naive sense of security is telling me the fewer internet addressable IPs in your system, the better this is for system security.

Thanks for any comments or suggestions or related links

Mike

 
 
 


Post by Edward Paul Wehrwei » Fri, 04 Apr 2003 15:30:32



Quote:
> I have the following network and I was wishing some comments on its IP schema.
> The IPs (except for office and DMZ) correspond to NICs as well as an outside IP for a serial card on a Cisco router.

> Internet ISP Gateway [x.x.x.d1]

> |
> ---> Cisco Router [x.x.x.d2 (outside IP) | y.y.y.d1 (inside IP)]

> |
> ---> OBSD FW [y.y.y.d2 (out IP) | (192.168.1.1, 192.168.2.1) (2 in IPs)]

> |
> ---> (192.168.1.x (DMZ), 192.168.2.x (office) ]

> That is, the OBSD takes the Ethernet connection from the Cisco router and communicates with 2 sub-networks. The x.x.x and y.y.y are Internet addressable IPs.

> Should I consider using only the outside IP address of the Cisco router as the only internet addressable address in such a system and if so, how do I go about assigning IPs in the network which would be more apt? My naive sense of security is telling me the fewer internet addressable IPs in your system, the better this is for system security.

> Thanks for any comments or suggestions or related links

> Mike

It depends what you need/use the Cisco for. It seems like you have the Cisco
there to create a DMZ; if that's the case, then you probably want to leave it
as is. If, however, you have, say, a web server, or other service that can
sit behind a firewall, you might be better off getting rid of the Cisco
entirely, putting a third internal subnet in the OBSD box (in order to
isolate the servers from your office network) and putting the server(s) there. Thus
you don't have to worry about hardening an entire server for the www, just
the services it exposes. Of course, if you need the DMZ for something... all
this is useless. =)

Ed
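
The layout discussed above (servers on their own subnet behind the OpenBSD box, isolated from the office network, with only the firewall's outside address reachable from the Internet), sketched as a pf.conf. This is an added example, not part of either post, and it uses current pf syntax (nat-to / rdr-to) rather than the syntax of the 2003 releases. The interface names and the web server address 192.168.1.10 are assumptions; the two subnets are the ones in Mike's diagram.

```conf
# Added example, not from the thread. Interface names are assumptions.
ext_if    = "fxp0"            # assumed: link toward the Cisco router (y.y.y.d2)
dmz_if    = "fxp1"            # assumed: 192.168.1.1, DMZ side
office_if = "fxp2"            # assumed: 192.168.2.1, office side

dmz_net    = "192.168.1.0/24"
office_net = "192.168.2.0/24"
web_srv    = "192.168.1.10"   # constructed: web server placed in the DMZ

set skip on lo
set block-policy drop

# Both private subnets leave through the firewall's single outside address
match out on $ext_if inet from { $dmz_net, $office_net } to any nat-to ($ext_if)

# Default deny, logged so dropped traffic shows up on pflog0
block log all

# Drop packets that claim an internal source but arrive on the wrong interface
antispoof quick for { $dmz_if, $office_if }

# Internet -> DMZ: only the published service, redirected to the web server
pass in on $ext_if inet proto tcp from any to ($ext_if) port { 80, 443 } rdr-to $web_srv

# Office -> anywhere (Internet and DMZ)
pass in on $office_if inet from $office_net to any

# DMZ -> office is never allowed, even if a DMZ host is compromised
block in quick on $dmz_if inet from any to $office_net

# DMZ -> Internet: name resolution and HTTP(S) only
pass in on $dmz_if inet proto { tcp, udp } from $dmz_net to any port 53
pass in on $dmz_if inet proto tcp from $dmz_net to any port { 80, 443 }

# Traffic admitted on the way in may leave through the other interfaces
pass out all
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which is a safe way to check the ruleset before applying it.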

 
 
 
