Hi,
> Put a firewall at an address (wan side) that is a public address. The
> other (lan side) address will also have to be an address that is within
> the public address space of the wan side.
>
> A - Is this going to work?
> B - Am I buying more trouble by doing it?

A - Yes. It'll have to be a full bridging firewall. Very common in large
places that have full class B's and C's facing the world, e.g. universities.

B - Yes - from users. They're used to the open world. Technology-wise, no.
You SHOULD have control. Firstly, to stop the wrong stuff getting out to the
world. Secondly, to stop the nasty stuff getting in. After this initial step,
the next step would be to install an IDS box (e.g. a SNORT box) to help detect
what else maligns the network. Then possibly a transparent web proxy to help
clear the place of nasty spyware (can put extra filters on that and your SNORT
rather than hitting the firewall with a load of other things).

alan