[Shorewall-newbies] RE: Two Firewalls????

Kirti S. Bajwa kbajwa at tib.com
Thu Mar 11 08:38:16 PST 2004


What is the purpose of the lower RFC 1918 network?

Sorry Tom, I am not as familiar with RFC as you are!!! But I think I know
what you are asking. In our system, all servers, other than two firewall
servers, are in DMZ. Lower network (192.168.6.x) is strictly for traffic
between the servers. This allows me to further secure the network and have
better performance.

------
Are the firewalls supposed to load balance or is one a hot standby?

Actually, both. In our setup, DNS1 services all the queries coming from the
Internet world and DNS2 is the secondary name server. For all internal
queries, DNS2 is the primary name server and DNS1 is the secondary name
server. That is the reason we need firewall on both DNS1 & DNS2 servers.
------

Thank you.

Kirti


-----Original Message-----
From: Tom Eastep [mailto:teastep at shorewall.net]
Sent: Wednesday, March 10, 2004 6:54 PM
To: List for New Shorewall Users; Kirti S. Bajwa
Subject: Re: [Shorewall-newbies] RE: Two Firewalls????


On Wednesday 03 March 2004 08:58 am, Kirti S. Bajwa wrote:
> Hello List:
>
> Several months ago I set up Shorewall Firewall on a test LINUX server and
> have been quite happy with it. Now I want to set up Shorewall on a
> production system.
>
> My setup:
>
> 					T1 to Internet Backbone
>
>                         ---------------------------
>
> 		        12.21.237.10              12.21.237.11
>                    --------------             --------------
>
>                   | Firewall     |           | Firewall     |
>                   | DNS1(NS1)    |           | DNS2(NS2)    |
>
>                    --------------             --------------
> 		        192.168.21.10             192.168.21.10
>
>                         ---------------------------
>                              DMZ  |Hub|    DMZ
>              ---------------------------------------------
>
>        12.21.237.15   12.21.237.16   12.21.237.17   12.21.237.17
>             rdx           mail           Web           data
>        ------------   ------------   ------------   ------------
>
>        |  RADIUS  |   |   Mail   |   | Web/HTTP |   |   DATA   |
>        |  Server  |   |   Server |   | Hosting  |   |  MySQL   |
>
>        ------------   ------------   ------------   ------------
>        192.168.6.15   192.168.6.16   192.168.6.17   192.168.6.18
>             rdxl          maill          webl          datal
>
>              -------------------|Hub|---------------------
>
>
> All servers are RedHat 9.0 LINUX. Shorewall Firewalls on NS1 & NS2 are
> identified (named) as FW1 & FW2.
>
> Question:
> Since this will be a production system, I want to do it right. Is this
> setup workable? If NOT, what do I need to do? Is there something special
> in the setup?

I guess my first question is what are you trying to accomplish with this 
setup? 

What is the purpose of the lower RFC 1918 network?

Are the firewalls supposed to load balance or is one a hot standby?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net


