 From:  A dot L dot M dot Buxey at lboro dot ac dot uk
 To:  Peter Lauda <plauda at rx30 dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Will this work
 Date:  Fri, 17 Feb 2006 22:21:54 +0000

> Put a firewall at an address (wan side) that is a public address. The
> other (lan side) address will also have to be an address that is within
> the public address space of the wan side.
> A - Is this going to work?
> B - Am I buying more trouble by doing it?

A - yes. it'll have to be a full bridging firewall. very common in large
places that have full class B's and C's facing the world - eg universities

B - yes - from users. they're used to the open world. technology-wise, no.

you SHOULD have control. firstly to stop the wrong stuff getting out to the 
world. secondly, to stop the nasty stuff getting in. after this initial step,
the next step would be to install an IDS box (eg a SNORT box) to help detect
what else maligns the network. then possibly a transparent web proxy to help
clear the place of nasty spyware (can put extra filters on that and your SNORT
rather than hitting the firewall with loads of other things)