 From:  "James McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Re: Internal Firewall
 Date:  Thu, 1 Sep 2005 08:34:28 -0500
Andrew Cotter wrote:
> I apologize for that one.... no coffee and way too much time dealing
> with spam this morning. 
> We have a slew of internal Windoze servers that are all on the
> same subnet.  Nothing really is currently protecting the servers from
> the desktops.  On an internal LAN, would anyone suggest using m0n0 as
> a firewall between say a few win2k3 terminal servers, a couple MS SQL
> servers, email, intranet, etc. from the rest of the LAN?    
> I am specifically asking if m0n0 is a good fit for this task.  50+
> users so I am not dealing with an overly complex setup at this time. 

IIRC, m0n0wall has had limited success with transparent firewalling -
which is what I think you are trying to accomplish.

By adding a firewall between your users and your servers you will be
dealing with an overly complex setup. The only rationale for doing this
is if you do not trust the users, i.e. public access or student/lab
users. If that is the case restrict the public access or labs from the
LAN on a DMZ.

Enforce policies on proper use, updates and antivirus. Don't allow IM or
AOL installs. Restrict installation rights on your workstations.
Consider some kind of web content filtering to restrict access to
questionable material/games.

James W. McKeand