Where should I place the firewall?

So would I be correct in figuring that your have only one segment off the firewall, that would be the internal lan segment and another internal firewall separating the servers from the workstations?

Why not simply use the single border firewall in a classic DMZ configuration.. that would ease your administrative burden.


Never try designing a firewall architecture without laying down the access-control policy that it must enforce first...

In other words.. what needs to go where.. what shouldn't go where.. whats allowed in, and whats allowed out.. once you have those down properly (preferably on paper) then you should design the network accordingly.


Cheers,

I have thought about putting the Webserver in the DMZ, but do you think I can keep it realitively safe? Plus, I'd like to learn more about firewalls, so that was the main reason I was putting it there was for learning experience. Now as far as rules I have a general idea, but then again I have lots to learn. I've yet to get a firewall setup on Mandrake like I would like. I would like some other distro, but I'm having no luck. At this point it was an overall design feature that I was looking at so I knew how to place my computers in my apartment.

I've heard IP cop and others like that are easy to use, maybe I'll try it so I can get my feet wet first, then jump into harder stuff. Any other info you have would be great.

Oh, the basic rules I want is that the personal computers can go to any place on the web, but obviously nothing from the web should be able to access them. I have no reason to access the computers from the outside. So even though I have nothing written down, I think it's pretty simple. Maybe I made it too simple, so please tell me if i did.

IPCOP is really easy to use. You can configure your firewall using the GUI and you can always drop down to the config files as you gain more confidence.

IPCOP is really easy to use. You can configure your firewall using the GUI and you can always drop down to the config files as you gain more confidence.

This is the exact approach i took, using IPCop as my firewall/router for my ADSL connection. For now its just using the web GUI to configure everything, but eventually i'm going to jump in and play with plain text config files in order to build up some linux network security skills.

Let us know Novastorm if you discover any interesting tricks or if you get stuck.