 From:  krt <kkrrtt at gmail dot com>
 To:  Greg Worcester <wpcomputer at ncia dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] netgear firewall
 Date:  Wed, 26 Jul 2006 18:47:14 -0700
I don't see, technically, why you couldn't put them in line.

I've included two half-ascii'd schematics, with example subnets.

[ Internet ]<--ISP Feed-->[ m0n0wall ]<--10.1.1.0/30-->[netgear]<--10.1.2.0/24-->Cisco Switch


Or

[ Internet ]<--ISP Feed-->[ netgear ]<--10.1.1.0/30-->[ m0n0wall ]<--10.1.2.0/24-->Cisco Switch


Given the relative security of both devices, you're going to run into 
far more configuration and troubleshooting issues than the security that 
two inline firewalls will give you (in other words, you're hedging your 
bets that someone will be able to break into the first firewall but not 
the second, at the expense of a network that's a tad more complex).

You might, at the worst, have to do NAT'ing twice.  At the best, you'd 
only have to NAT at the ISP facing firewall and route the 10.1.2.0/24 
network to the second firewall.




Greg Worcester wrote:
> I recently installed m0n0wall and it is working great.
> As a result of my network configuration I have had to
> stop using my Netgear FVS318 firewall to use m0n0.
> Is there any way to configure a hardware firewall such as this
> to double up my protection. Just curious about it.
> Right now my LAN cable is plugged into a cisco 2950 switch.
> My netgear box is just operating as a switch right now.
> Any help would be appreciated.
> Thanks
> Greg Worcester