Quote:
1. It looks, from the searching I have done, like I need to use iptables to set up a firewall for my private network. All the guides say to have two NICs, one with a public address and one with a private one, but my router is my gateway and it already has the public / private address setup. I really don't want to let everything through and then have the Linux box filter everything. I would rather have the Linux box behind the router. Is there a way to route all traffic through a Linux box behind this router without having a public address on one of the NICs?
You can do it either way. You can leave the router there but configure your clients to use the firewall IP as their gateway so the traffic is routed through there first. Sorta like this:
<wan ip>--<Cisco>192.168.0.1---192.168.0.2<firewall>192.168.1.1--internal IP range
Or you can remove the router and let the firewall route for you.
<wan ip>--<firewall>192.168.x.x---internal IP range
Quote:
2. I have 4 users that connect through a VPN to this location from another location and they are connecting using the WIN2000 server as the endpoint. Is there a way to have linux manage the VPN connection or can it still pass just certain traffic to the win2000 server?
Yes and yes. Again, you can have the firewall be the VPN endpoint, or you could pass VPN traffic to your Win2000 server for authentication and tunneling.
Quote:
3. Can I have this linux box act as my DHCP and DNS server without risking my internal clients or should I let the Win2000 box handle that and just have a dedicated firewall?
Again, yes to both, but it depends on what you want to do with your network. I believe in a firewall as a dedicated device, but the ICSA says you can run DHCP and be certified.
Bottom line is: how far do you want to go with your network? My setup is a firewall at the DSL side, and it does DHCP and acts as the VPN endpoint for roaming users and site-to-site connections. But then again, that is what the business wanted.
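The "firewall behind the router" layout from the reply (192.168.0.2 on the router side, 192.168.1.1 on the LAN side, clients pointed at the firewall as their gateway), written out as an added iptables script. This is an illustration added here, not code from the thread or from either poster. The interface names eth0/eth1, the PPTP assumption for the Win2000 VPN (TCP 1723 plus GRE) and the server address 192.168.1.10 are assumptions; the router is assumed to already send inbound VPN traffic to 192.168.0.2. Run it with `show` to print the rules without touching anything, or `apply` (as root) to install them.

```shell
#!/bin/sh
# Added example: default-deny iptables policy for a firewall sitting
# between the router (192.168.0.1) and the internal LAN (192.168.1.0/24).
#   <wan ip>--<Cisco>192.168.0.1---192.168.0.2<firewall>192.168.1.1--LAN
set -eu

OUTSIDE_IF=${OUTSIDE_IF:-eth0}            # 192.168.0.2, faces the router (assumed name)
INSIDE_IF=${INSIDE_IF:-eth1}              # 192.168.1.1, faces the LAN (assumed name)
INSIDE_NET=${INSIDE_NET:-192.168.1.0/24}
VPN_SERVER=${VPN_SERVER:-192.168.1.10}    # Win2000 VPN server, assumed address
IPT=${IPT:-iptables}

# With DRY_RUN=1 the rules are printed instead of applied, so the policy
# can be reviewed (and tested) on any machine without root.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$IPT $*"; else "$IPT" "$@"; fi
}

apply_rules() {
  # Default deny for traffic to the box and through the box.
  run -P INPUT DROP
  run -P FORWARD DROP
  run -P OUTPUT ACCEPT
  run -F
  run -t nat -F

  # Loopback, plus replies to connections we already allowed.
  run -A INPUT -i lo -j ACCEPT
  run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Anti-spoofing: nothing arriving from the router side may claim a LAN source.
  run -A INPUT -i "$OUTSIDE_IF" -s "$INSIDE_NET" -j DROP
  run -A FORWARD -i "$OUTSIDE_IF" -s "$INSIDE_NET" -j DROP

  # SSH management from the LAN only, never from the router side.
  run -A INPUT -i "$INSIDE_IF" -s "$INSIDE_NET" -p tcp --dport 22 -j ACCEPT

  # LAN clients may open new connections outward; the router sees only
  # 192.168.0.2 thanks to masquerading, so it needs no route back to the LAN.
  run -A FORWARD -i "$INSIDE_IF" -o "$OUTSIDE_IF" -s "$INSIDE_NET" \
      -m conntrack --ctstate NEW -j ACCEPT
  run -t nat -A POSTROUTING -o "$OUTSIDE_IF" -s "$INSIDE_NET" -j MASQUERADE
}

# Second option from the reply: hand the VPN to the Win2000 server.
# Assumes PPTP (TCP 1723 control channel plus GRE, IP protocol 47).
pass_vpn_to_server() {
  run -t nat -A PREROUTING -i "$OUTSIDE_IF" -p tcp --dport 1723 \
      -j DNAT --to-destination "$VPN_SERVER"
  run -t nat -A PREROUTING -i "$OUTSIDE_IF" -p gre \
      -j DNAT --to-destination "$VPN_SERVER"
  run -A FORWARD -i "$OUTSIDE_IF" -o "$INSIDE_IF" -d "$VPN_SERVER" \
      -p tcp --dport 1723 -m conntrack --ctstate NEW -j ACCEPT
  run -A FORWARD -i "$OUTSIDE_IF" -o "$INSIDE_IF" -d "$VPN_SERVER" -p gre -j ACCEPT
}

# Last FORWARD rule: log (rate-limited) whatever the DROP policy will discard.
log_drops() {
  run -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
}

enable_forwarding() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "sysctl -w net.ipv4.ip_forward=1"
  else sysctl -w net.ipv4.ip_forward=1; fi
}

case "${1:-}" in
  show)  DRY_RUN=1; export DRY_RUN; apply_rules; pass_vpn_to_server; log_drops ;;
  apply) enable_forwarding; apply_rules
         if [ "${PASS_VPN:-0}" = 1 ]; then pass_vpn_to_server; fi
         log_drops ;;
esac
```

The ordering matters: the anti-spoofing drops and the state rule come before any ACCEPT, the VPN hand-off is only added when PASS_VPN=1 so the firewall can instead be the endpoint itself, and the LOG rule is appended last so it only ever sees packets about to hit the default DROP policy.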