Re: firewall in internal network
comp.security.firewalls archive

From: Alan Strassberg <paleale@bolt.sonic.net>
Date: Sun Aug 07 2005 - 20:04:01 CEST

In article <1123421169.874103@bru-ix-srv240>,
router9 <nospam@router9.invalid> wrote:
>Hi all,
>
>I have a question about firewalls/routers.
>I want to make an extra protection to a group of computers that are already
>part of a bigger network.
>I also want to make them independent, so I want to put them in an own domain
>and an own DHCP server.
>
>If I should put them behind a router, then they are protected but the
>problem is, the computers in the bigger network which they are part of also
>use internal IP addresses so the computers in the extra protected network
>won't be able to connect to the computers in the bigger network where it is
>part of (the other way is forbidden of course, computers in the bigger
>network are not allowed to connect to shares of computers inside of the
>extra protected network).
>This is because internal IPs aren't routed over routers.

        You want a transparent firewall. I know the Netscreens do
        this (like the NS5GT) - operate on Layer 2 but can write
        firewall policies. This way no network changes are needed
        so everything works like before. You can use the 5GT for a DHCP
        server too if you prefer. There are probably other brands that
        work in L2 mode.

                                        alan
Received on Thu Sep 29 20:00:55 2005
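
The transparent (Layer 2) policy described in the reply above, sketched as an added example on a Linux bridge with nftables rather than a NetScreen; it is not from the original post. The interface names, the bridge `br0` and the table name are assumptions, and connection tracking in the bridge family needs Linux 5.3 or later.

```nftables
#!/usr/sbin/nft -f
# Added example, not part of the original post.
# Assumed topology: eth0 = bridge port facing the bigger network,
#                   eth1 = bridge port facing the protected group,
#                   both ports enslaved to bridge br0 (no IP changes on hosts).

table bridge l2fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Both sides stay in one IP subnet, so ARP has to cross the bridge.
        ether type arp accept

        # Keep the protected group's own DHCP server private to its segment
        # and keep the bigger network's DHCP server out of it.
        ether type ip udp dport { 67, 68 } drop

        # Return traffic for connections opened from the protected side.
        ct state established,related accept

        # Protected hosts may open connections to the bigger network.
        iifname "eth1" oifname "eth0" ct state new accept

        # New connections from the bigger network (for example to shares on
        # protected hosts) are logged here and then fall through to policy drop.
        iifname "eth0" oifname "eth1" log prefix "l2fw-inbound-drop "
    }
}
```

Anything not matched, including IPv6 frames, is dropped by the chain policy.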