1. Firewall recommendations/advice - Would this work?
Hello,
I'm currently running a Linux 2.0 box doing IP_masq to allow the
internal network to access the internet. Everything works great, I have
30 people going through a 386sx/16. However, we are now adding a new
website that requires access to a MS SQL server running on NT. I want to
isolate the NT system as much as possible, but I have a number of
internal apps that also use the SQL server. So I've come up with the
following idea.
I define three networks, the internal network, the DMZ, and the internet.
The webserver (plus email server, etc) exist on the internet (on the
segment that is directly attached to the router). The SQL Server will go
in the DMZ.
In order for the web server to access the SQL server, I have an IP_Masq
box that denies all incoming connections (incoming from the internet)
except for those coming from the webserver over the SQL port. I allow it
to forward everything.
I set up another IP_Masq system that sits between the DMZ and the
internal network, and it lets anything through to the DMZ, and so to
either the SQL Server or the Internet.
So what I have is:
Internet ----- firewall #1 ----- DMZ ----- firewall #2 --- Internal
               <- everything               <- everything
               -> only SQL port from IP    -> nothing
First, does this sound like a good idea? Are there any holes in this type
of setup? Can anyone suggest any improvements?
If this looks good, would the systems on the internal network (win95/98
boxes) need to have any special network setup? I would think that making
the gateway the system between the internal network and the DMZ would
work.
Thanks for any help,
Erick Thompson
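
The policy in the diagram above, modelled as a small rule checker so each flow can be tested against both firewalls. This is an added example, not part of the original post. The addresses are constructed, TCP port 1433 is assumed as the SQL port, and only the host that opens a connection is checked (replies are assumed to follow the masqueraded connection back).

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (not from the post).
DMZ = ip_network("10.0.1.0/24")
INTERNAL = ip_network("10.0.2.0/24")
WEB = ip_address("192.0.2.10")   # web server on the router segment
SQL = ip_address("10.0.1.5")     # NT SQL server in the DMZ
SQL_PORT = 1433                  # assumption: MS SQL Server default TCP port

ZONES = ["internet", "dmz", "internal"]  # left to right, as in the diagram


def zone(addr):
    """Map an address to the network segment it lives on."""
    if addr in INTERNAL:
        return "internal"
    if addr in DMZ:
        return "dmz"
    return "internet"


def fw1(src, dst, port):
    """Firewall #1, between the Internet and the DMZ."""
    if zone(src) != "internet":
        return True  # outbound: forward everything
    # inbound: only the web server, only to the SQL server's SQL port
    return src == WEB and dst == SQL and port == SQL_PORT


def fw2(src, dst, port):
    """Firewall #2, between the DMZ and the internal network."""
    return zone(src) == "internal"  # outbound everything, inbound nothing


FIREWALLS = [fw1, fw2]  # FIREWALLS[i] sits between ZONES[i] and ZONES[i + 1]


def allowed(src, dst, port):
    """True if a new connection src -> dst:port passes every firewall on its path."""
    src, dst = ip_address(src), ip_address(dst)
    a, b = ZONES.index(zone(src)), ZONES.index(zone(dst))
    path = FIREWALLS[min(a, b):max(a, b)]
    return all(fw(src, dst, port) for fw in path)


if __name__ == "__main__":
    print("web -> SQL:1433      ", allowed("192.0.2.10", "10.0.1.5", 1433))
    print("internet -> SQL:1433 ", allowed("198.51.100.7", "10.0.1.5", 1433))
    print("SQL -> internet:80   ", allowed("10.0.1.5", "203.0.113.80", 80))
```

The last flow is allowed because firewall #1 forwards everything leaving the DMZ, so the SQL server itself can open connections to any Internet host under this policy.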