[Shorewall-users] Firewall Requirement

Bhavin Modi modi_bhavin at hotpop.com
Fri Dec 19 19:10:51 PST 2003


Hi,

I have a live class C network (on T1) which routes from the provider through
a router on a /30 network.

Router (/30) <--> Firewall external interface (/30)
                                |
                                |----> Public Network (/24)  (I have a Linux proxy (squid) which serves the private network. I want to remove this.)
                                |
                                |----> Private Network (not used as HTTP filtering causes extra load on firewall)

The firewall needs to be replaced as it is not able to handle the load. I
would like to install a Linux-based firewall/router in place of the current
firewall which should be able to forward requests to the live /24 network
back and forth without any changes to the existing servers.

Can Shorewall do the same?
How should I configure Shorewall so that the public network will be on the DMZ,
the private network can be directly connected to one of the interfaces on the
Shorewall firewall with squid running, and also so that I can do traffic shaping
for the private network (RFC 1918)?

What will be the hardware requirement?

What are the issues I will have to take care of to have minimum downtime?

Thanks,
~Bhavin.



