Firewall Architecture

It is a good idea to use a screened subnet architecture, as described in "Building Internet Firewalls" (D. Brent Chapman, Elizabeth D. Zwicky, O'Reilly & Associates, Inc.). The figure below illustrates a screened subnet architecture with an internal net and a perimeter net:

The most important services will be served from three servers on the perimeter network:
A host named trusted will be connected to the internal net by a separate device (ippp1). The firewall acts as both the exterior and the interior router. The outgoing device is ippp0, the device to the perimeter network is eth1, and the internal network is connected through device eth0. An external trusted host is connected to the firewall through a separate device, ippp1. The above architecture supports most configurations:
In either of these two situations you only have to set up the services which are available on the firewall itself; otherwise you additionally have to define the screening rules for the services to the internal and/or perimeter networks.
(c) 1998 Jens Friedrich