[Shorewall-newbies] RE: Two Firewalls????

Tom Eastep teastep at shorewall.net
Wed Mar 10 15:54:08 PST 2004


On Wednesday 03 March 2004 08:58 am, Kirti S. Bajwa wrote:
> Hello List:
>
> Several months ago I set up Shorewall Firewall on a test LINUX server and
> have been quite happy with it. Now I want to set up Shorewall on a
> production system.
>
> My setup:
>
> 					T1 to Internet Backbone
>
>                         ---------------------------
>
> 		        12.21.237.10              12.21.237.11
>                    --------------             --------------
>
>                   | Firewall     |           | Firewall     |
>                   | DNS1(NS1)    |           | DNS2(NS2)    |
>
>                    --------------             --------------
> 		        192.168.21.10             192.168.21.10
>
>                         ---------------------------
>                              DMZ  |Hub|    DMZ
>              ---------------------------------------------
>
>        12.21.237.15   12.21.237.16   12.21.237.17   12.21.237.17
>             rdx           mail           Web           data
>        ------------   ------------   ------------   ------------
>
>        |  RADIUS  |   |   Mail   |   | Web/HTTP |   |   DATA   |
>        |  Server  |   |   Server |   | Hosting  |   |  MySQL   |
>
>        ------------   ------------   ------------   ------------
>        192.168.6.15   192.168.6.16   192.168.6.17   192.168.6.18
>             rdxl          maill          webl          datal
>
>              -------------------|Hub|---------------------
>
>
> All servers are RedHat 9.0 LINUX. Shorewall Firewalls on NS1 & NS2 are
> identified (named) as FW1 & FW2.
>
> Question:
> Since this will be a production system, I want to do it right. Is this
> setup workable? If NOT, what do I need to do? Is there something special in
> the setup?

I guess my first question is what are you trying to accomplish with this 
setup? 

What is the purpose of the lower RFC 1918 network?

Are the firewalls supposed to load balance or is one a hot standby?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net



