On 5/23/06, jochen thomas <jochenthomas at yahoo dot com> wrote:
> As you can see I want to create a double fire walled small environment.
Why use two firewalls? One with 3 interfaces would accomplish the
same thing, and be less complex and easier to deal with.
> I am not really sure if this will work regarding these points:
> - VoIP-clients/Phones (SIP + varying UDP-Ports + NAT) / very important
> - how to route this VoIP (UDP) streams (SIP and IAX2)?
Somebody else will have to answer your VoIP questions. There are a
bunch of people who work with VoIP regularly on this list.
> - exact routing of different protocols e.g. smtp/pop3 only to sendmail-server, but HTTP at
> all three NICs at monowall-1 (can I use more than 3 NICs? --> one external, two DMZ,
> one internal)
You can use as many NICs as you can fit in your system.
> - secure access to Server2003 via Tunnel through both monowalls
> - routing to different port80 http-servers (to sendmail-server, to asterisk-server, and to
> some other (each have different domains like sendmail.domain.com,
> asterisk.domain.com, server2003.differentdomain.com)) --> what is the best way
You have to have multiple public IPs.
> - what about intrusion detection,
IDS should be a different system.
> what about stateful inspection,
m0n0wall is fully stateful.
> SYN flood,
There isn't any SYN flood protection, but personally even on my PIX
firewalls, I use the protection in the OS of the system anyway and
disable it on the firewall. The OS should have adequate protection
(if not, use a different one), and it knows much better than the
firewall can what it can handle.
> port scans,
What about them? They'll happen. Things you open will show open,
things you don't won't.
Nothing higher than layer 3 and 4 in m0n0wall, so no.
I give up on answering any more questions in one email. Use Google
site:m0n0.ch; you'll find your answers for the most part.
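The reply above says port scans will simply happen and that IDS belongs on a separate system. As an added example (not part of the original message, and not m0n0wall's own code or log format), here is the kind of port-scan detection that separate system would run over the firewall's block log: it counts, per source address, how many distinct destination ports were blocked inside a sliding time window. The log lines are constructed for this example in a simplified "date time action proto src:sport -> dst:dport" format; the window and threshold defaults are assumptions to tune for your own traffic. Note that packets the firewall passed are ignored on purpose: an open port showing open is not a scan signal, the pattern of blocked probes is.

```python
"""Sliding-window port-scan detection over firewall block-log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format for this example; m0n0wall's real ipfilter log
# syntax differs, so adapt LINE_RE to whatever your firewall emits.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<action>block|pass) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample: 203.0.113.5 sweeps a DMZ host (two probes hit open
# ports and pass), 192.0.2.7 is a normal client, 203.0.113.9 probes slowly.
SAMPLE_LOG = """\
2006-05-23 10:00:01 pass tcp 192.0.2.7:51000 -> 198.51.100.10:80
2006-05-23 10:00:02 block tcp 203.0.113.5:40001 -> 198.51.100.10:21
2006-05-23 10:00:03 block tcp 203.0.113.5:40002 -> 198.51.100.10:22
2006-05-23 10:00:04 block tcp 203.0.113.5:40003 -> 198.51.100.10:23
2006-05-23 10:00:05 pass tcp 203.0.113.5:40004 -> 198.51.100.10:25
2006-05-23 10:00:06 pass tcp 203.0.113.5:40005 -> 198.51.100.10:80
2006-05-23 10:00:07 block tcp 203.0.113.5:40006 -> 198.51.100.10:110
2006-05-23 10:00:08 block tcp 203.0.113.5:40007 -> 198.51.100.10:135
2006-05-23 10:00:09 block tcp 203.0.113.5:40008 -> 198.51.100.10:139
2006-05-23 10:00:10 block tcp 203.0.113.5:40009 -> 198.51.100.10:443
2006-05-23 10:00:11 block tcp 203.0.113.5:40010 -> 198.51.100.10:445
2006-05-23 10:00:12 block tcp 203.0.113.5:40011 -> 198.51.100.10:1433
2006-05-23 10:00:13 block tcp 203.0.113.5:40012 -> 198.51.100.10:3389
2006-05-23 10:00:14 block tcp 203.0.113.5:40013 -> 198.51.100.10:5900
2006-05-23 10:00:15 block tcp 203.0.113.5:40014 -> 198.51.100.10:8080
2006-05-23 10:00:20 block tcp 192.0.2.7:51001 -> 198.51.100.10:25
2006-05-23 10:01:00 block udp 203.0.113.9:5060 -> 198.51.100.11:5060
2006-05-23 10:03:00 block tcp 203.0.113.9:33000 -> 198.51.100.11:22
2006-05-23 10:05:00 block tcp 203.0.113.9:33001 -> 198.51.100.11:23
2006-05-23 10:07:00 block tcp 203.0.113.9:33002 -> 198.51.100.11:80
2006-05-23 10:09:00 block tcp 203.0.113.9:33003 -> 198.51.100.11:443
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
    return {"ts": ts, "action": m["action"], "proto": m["proto"],
            "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}


def detect_scans(lines, window_seconds=60, threshold=10):
    """Map source IP -> peak number of distinct blocked (dst, dport) targets
    seen within any window_seconds span, for sources reaching the threshold."""
    blocked = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["action"] != "block":
            continue  # passed traffic is not evidence of scanning
        blocked[ev["src"]].append((ev["ts"], ev["dst"], ev["dport"]))

    scans = {}
    for src, events in blocked.items():
        events.sort()
        in_window = defaultdict(int)  # (dst, dport) -> hits inside the window
        left = 0
        peak = 0
        for ts, dst, dport in events:
            in_window[(dst, dport)] += 1
            # Slide the left edge forward until every event fits the window.
            while (ts - events[left][0]).total_seconds() > window_seconds:
                key = (events[left][1], events[left][2])
                in_window[key] -= 1
                if in_window[key] == 0:
                    del in_window[key]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            scans[src] = peak
    return scans


if __name__ == "__main__":
    for src, count in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan from {src}: {count} distinct blocked ports in 60s")
```

The window is what separates a fast sweep from background noise: with the defaults only the fast scanner is reported, while a wider window (say 600 seconds with a threshold of 5) also catches the slow prober. Both knobs need tuning against your own block log, since a misconfigured client retrying a few closed ports looks the same as a small scan.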