[WEB4LIB] Private IP and firewall

pverhagen at sapl.ab.ca
Thu Sep 28 16:35:45 EDT 2000


A good book on the subject is called "Building Internet Firewalls" 
by Chapman & Zwicky, published by O'Reilly & Associates. It will 
tell you everything you know about firewalls and then some.

In a nutshell (yeah, one LARGE nutshell), there are many things to 
consider. The main key I can think of will be how you choose to 
connect your remote branches. Do they need to see the rest of the 
network traffic (e.g., dhcp, netbios/ipx packets?, dns services, etc.)? 
Decide what services have to be passed and what can be ignored, 
and then develop your "connection map".

As for the firewall itself, many professional products are available. 
My recommendation is to stay away from proxy servers because they 
require your applications to be proxy aware. Some of the better 
known products (if you want to pay for them) are "Checkpoint 
Firewall-1" and "Raptor" (I've heard of it, anyway) and "Borderware 
Firewall Server". Microsoft is coming out with a firewall for Windows 
2000 servers called "Internet Security and Acceleration Server" 
(one of their .net servers). You can check it out here: 
http://www.microsoft.com/isaserver/

However, with a little time (OK - I lied, with A LOT of time) and a 
good handbook you could build your own firewall. The handbook is 
called "Building Linux and OpenBSD Firewalls" (can't remember 
the authors or publisher), using of course, the Linux or OpenBSD 
operating systems. I've looked at both ipchains and BSD's ipfilter, 
and I'd have to say that I found ipfilter easier to understand.

I hope it helps. And, as with any firewall, good luck!

Peter Verhagen

On 27 Sep 2000, at 14:51, Yi wrote:

> Hi, our library system wants to convert our regular IP to private IP
> and add a firewall to protect our network. We already use a private IP
> subnet at remote sites. We understand that it is a big project and
> involves most of the servers, routers and switches, as well as
> workstations. Does any library have experience with this kind of project
> and is willing to share with us?
> 
> We have a web server and an ILS server in UNIX boxes and DHCP in an NT
> server. We use T1 and frame relay to connect to remote branches and use
> T1 to access the Internet.
> 
> Questions we can think of: location of servers, which need telnet from
> inside and outside; firewall management; main strategies, etc.
> 
> Thanks in advance
> 
> Yi Kong
> Kenosha Public Library 
> 


Peter Verhagen
Library Systems Administrator
St. Albert Public Library
St. Albert Place
#5 St. Anne Street,
St. Albert, AB, T8N 3Z9
EMAIL: pverhagen at sapl.ab.ca
PHONE: (780) 459-1534

