OFB Community Mailing Lists

[Fred A. Miller]

On Mon December 27 2004 9:07 pm, Ed Hurst wrote:
> This is on my blog, so you can respond there, too.
> ---------------------------------------------------
>
> Your Mission
>
> Let's pretend that someone is offering you a suitable sum of money for a
> project. They have 9 computers on an internal network. Due to the nature
> of their business, there are no Open Source applications for their
> software requirements -- some obscure engineering stuff. Indeed, the
> latest release of their software means all their machines will have to
> run XP. However, they wish to run a gateway/firewall on Linux/Unix. This
> server will also provide mail, with spam-blocking, and PHP/SQL webpage
> service. When the technicians are on the road, they need to login and
> gain access to the file server (XP) behind the firewall. You may assume
> they will login to the gateway first, then login again to the
> fileserver. No one else in the whole world needs to even know about
> what's behind that gateway server. There will be a static IP and T1
> service.

It's doable. First, use a Sonic Wall as the "first line of defense." It can be 
made to firewall LAN and WAN. It also can allow SPECIFIED ssh traffic via IP 
address to the Linux server, where id and password is required to gain access 
to XP box, where once again there is a DIFFERENT ID and password.

> Outline how you would set this up, and respond in the comments. It would
> be good if you explain why you favor this or that OS for the gateway.

I've done the above, only provided traffic to an RS-6000 F-40.

Fred

-- 
"As Internet technology itself vaults into new areas, so too does the
Microsoft monopoly and its tried-and-true bag of tricks."
-US Senator Orrin Hatch, (R) Utah