Cisco Router/OpenBSD router firewall setup

Post by Mik » Fri, 04 Apr 2003 13:45:52



I have the following network and I was wishing some comments on its IP schema.
The IPs (except for office and DMZ) correspond to NICs as well as an outside IP for a serial card on a Cisco router.

Internet ISP Gateway [x.x.x.d1]
|
---> Cisco Router [x.x.x.d2 (outside IP) | y.y.y.d1 (inside IP)]
|
---> OBSD FW [y.y.y.d2 (out IP) | (192.168.1.1, 192.168.2.1) (2 in IPs)]
|
---> [192.168.1.x (DMZ), 192.168.2.x (office)]

That is, the OBSD takes the Ethernet connection from the Cisco router and communicates with 2 sub-networks. The x.x.x and y.y.y are Internet addressable IPs.

Should I consider using only the outside IP address of the Cisco router as the only Internet addressable address in such a system and if so, how do I go about assigning IPs in the network which would be more apt?
My naive sense of security is telling me the fewer Internet addressable IPs in your system, the better this is for system security.

Thanks for any comments or suggestions or related links

Mike

 
 
 

Post by Edward Paul Wehrwei » Fri, 04 Apr 2003 15:30:32



> I have the following network and I was wishing some comments on its IP schema.
> The IPs (except for office and DMZ) correspond to NICs as well as an outside IP for a serial card on a Cisco router.
>
> Internet ISP Gateway [x.x.x.d1]
> |
> ---> Cisco Router [x.x.x.d2 (outside IP) | y.y.y.d1 (inside IP)]
> |
> ---> OBSD FW [y.y.y.d2 (out IP) | (192.168.1.1, 192.168.2.1) (2 in IPs)]
> |
> ---> [192.168.1.x (DMZ), 192.168.2.x (office)]
>
> That is, the OBSD takes the Ethernet connection from the Cisco router and communicates with 2 sub-networks. The x.x.x and y.y.y are Internet addressable IPs.
>
> Should I consider using only the outside IP address of the Cisco router as the only Internet addressable address in such a system and if so, how do I go about assigning IPs in the network which would be more apt?
> My naive sense of security is telling me the fewer Internet addressable IPs in your system, the better this is for system security.
>
> Thanks for any comments or suggestions or related links
>
> Mike

It depends what you need/use the Cisco for. It seems like you have the Cisco
there to create a DMZ; if that's the case, then you probably want to leave it
as is. If, however, you have, say, a web server, or other service that can
sit behind a firewall, you might be better off getting rid of the Cisco
entirely, putting a third internal subnet in the OBSD box (in order to
isolate the servers from your office network) and put server(s) there. Thus
you don't have to worry about hardening an entire server for the www, just
the services it exposes. Of course, if you need the DMZ for something... all
this is useless. =)

Ed
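
The layout discussed above (servers on their own subnet behind the OpenBSD box, isolated from the office network, with the private subnets hidden behind one outside address), written as a pf ruleset. This is an added example and not part of either post; it uses the pf syntax of OpenBSD 4.7 and later, and the interface names, the web server address and the permitted ports are assumptions.

```pf
# /etc/pf.conf sketch -- added example, not from the thread.
# Assumed names: em0/em1/em2 and 192.168.1.10 are placeholders.
ext_if     = "em0"              # faces the Cisco router (y.y.y.d2)
dmz_if     = "em1"              # 192.168.1.1
office_if  = "em2"              # 192.168.2.1
dmz_net    = "192.168.1.0/24"
office_net = "192.168.2.0/24"
web_srv    = "192.168.1.10"     # constructed sample DMZ host

set skip on lo

# Default deny in both directions; log what is dropped.
block log all

# Outbound on any interface: the firewall's own traffic, plus forwarded
# traffic that one of the "pass in" rules below has already admitted.
pass out

# Both private subnets leave with the firewall's outside address,
# so no internal host needs an Internet-addressable IP.
match out on $ext_if inet from { $dmz_net $office_net } nat-to ($ext_if)

# Internet -> DMZ: only the published web ports, redirected to the server.
pass in on $ext_if inet proto tcp to ($ext_if) port { 80 443 } rdr-to $web_srv

# Office -> Internet and DMZ.
pass in on $office_if inet from $office_net

# DMZ -> office is never allowed; "quick" stops later rules overriding it.
block in quick on $dmz_if inet from any to $office_net

# DMZ -> Internet: name lookups and HTTP(S) only (e.g. for updates).
pass in on $dmz_if inet proto { tcp udp } from $dmz_net to any port 53
pass in on $dmz_if inet proto tcp from $dmz_net to any port { 80 443 }
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it; `-n` checks the rules without applying them.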

 
 
 

1. Suse Linux router behind Cisco router ???

I don't think this quite belongs here, but maybe someone knows how I can
do this after all.

The problem is as follows:

I am trying to configure a local router with SUSE Linux 7.1. In principle
this router is supposed to sit in front of the actual Cisco router, which has
the internal IP 192.168.128.1.

It is therefore not necessary to configure the box as a firewall. It should
ONLY forward all incoming/outgoing packets from eth0 to eth1 and vice versa.
(I want to log the packets passing through.)

So far I somehow haven't managed to do this...

The system always adds a stupid default route to eth0. This one is not
listed in route.conf. Even after /etc/init.d/route stop this one route is
still present...

Does anyone perhaps have a tip or a document on how I can achieve this?

Regards and thanks

Igor.

                         Internet
                               |
                               |
                               |
               Cisco router (with internal IP 192.168.128.1)
                               |
                               |
                               |
    SUSE Linux 7.1 router (should pass traffic in both directions)
                               |
                               |
                               |
|--------------------|--------------------------|---------- ...
|                              |                                       |
...                    Internal network                     ......
