Network people....would this work? (Corsa Sport Message Board, Geek Day)


Dom

posted on 13th Feb 07 at 18:36

quote:
Originally posted by willay
quote:
Originally posted by Dom
I know that the red and green sides can't share the same subnet, but thought you could run the same IP range as long as the subnets were different (though ideally it's seen that you should have different IP addresses and subnets)?

Otherwise like you say, you'll have to change your internal addresses


If a device has the same subnet on each side (on both network connections) then it's a filtering bridge type device, i.e. it's transparent to the user but sits there and filters ;)

A router by description is a device that forwards packets from one subnet to another.


Never knew that :thumbs:

So you could have a web cache in between your router and LAN that has the same subnet either side and it would be completely transparent to the LAN but still caching?

And willay, what's a Linux firewall then if Snort just detects that your systems are getting bummed? :)


Aaron

posted on 13th Feb 07 at 08:45

The setup I have drawn at the top of the thread is the one now in use...all web traffic is now routed out the cache, into the firewall and then to the router.

For test purposes I have taken my default gateway out (92.20.0.10) and it seems to work.

[Edited on 13-02-2007 by Aj.]


Aaron

posted on 13th Feb 07 at 08:42

It's an RM Smart Cache running Squid

I have total control over this network and yes I can work on the firewall :)


willay

posted on 13th Feb 07 at 07:40

Aj - what's the Web Cache box running? What caching software/operating system? Also what control do you have over this network? Can you remove/touch the firewall?


willay

posted on 13th Feb 07 at 07:39

quote:
Originally posted by Dom
I know that the red and green sides can't share the same subnet, but thought you could run the same IP range as long as the subnets were different (though ideally it's seen that you should have different IP addresses and subnets)?

Otherwise like you say, you'll have to change your internal addresses


If a device has the same subnet on each side (on both network connections) then it's a filtering bridge type device, i.e. it's transparent to the user but sits there and filters ;)

A router by description is a device that forwards packets from one subnet to another.


willay

posted on 13th Feb 07 at 07:37

quote:
Originally posted by Dom
Steve, you're probably thinking of Snort which is a firewall (IDS), which is another route Aj could go down - installing it on a Linux distro (might be worth looking at).
But Smoothwall is pretty simple to set up and is capable of doing a lot more than just a basic firewall :)


Snort isn't a firewall at all, it's an IDS as stated, but that stands for Intrusion Detection System. So it will detect you are getting gang fucked by someone but not prevent it.


Dom

posted on 12th Feb 07 at 23:47

I know that the red and green sides can't share the same subnet, but thought you could run the same IP range as long as the subnets were different (though ideally it's seen that you should have different IP addresses and subnets)?

Otherwise like you say, you'll have to change your internal addresses


Aaron

posted on 12th Feb 07 at 22:54

Yeah exactly, that's why I've stuck the 192.168.100.X addresses in there.

I was told by a former colleague that in order for a firewall to function properly, the Green and Red sides cannot be on the same range of addresses

My only other option is to change all the internal addresses on my network. I'll have a look round the forums on smoothwall.org


[Edited on 12-02-2007 by Aj.]
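The Red/Green subnet question running through Dom's, Aaron's and willay's posts above (same subnet on both legs means the box can only bridge; different subnets means it routes, and then the LAN's default gateway has to move to the Green address) can be checked with a few lines of Python. This is an added example, not code from the thread or from Smoothwall; it uses the thread's addresses (router 92.20.0.10, the 192.168.100.1/2 link, the 92.20.x.x Class B LAN) and assumes the prefix lengths and the Green-side host address, which the thread does not give.

```python
# Added example (not from the thread or Smoothwall): model a two-legged
# firewall and check (1) bridge vs router mode from its two subnets and
# (2) whether a client's default gateway sits on the client's own subnet.
# Thread values: router 92.20.0.10, link 192.168.100.1/2, LAN 92.20.x.x.
# Assumed: the /24 on the link, the /16 for the Class B, and 92.20.0.1 as
# the firewall's Green address.
from ipaddress import ip_address, ip_interface


class TwoLegFirewall:
    """A box with a Red (upstream) and a Green (LAN) interface."""

    def __init__(self, red: str, green: str):
        self.red = ip_interface(red)
        self.green = ip_interface(green)

    def mode(self) -> str:
        # Overlapping subnets on both legs: nothing to route between, so the
        # device can only act as a filtering bridge (transparent to the LAN).
        if self.red.network.overlaps(self.green.network):
            return "bridge"
        return "router"

    def egress(self, dst: str) -> str:
        """Longest-prefix match over the connected subnets; anything that
        matches neither leaves via the default route on Red."""
        d = ip_address(dst)
        matches = [
            (iface.network.prefixlen, name)
            for name, iface in (("green", self.green), ("red", self.red))
            if d in iface.network
        ]
        return max(matches)[1] if matches else "red"

    def lan_gateway(self) -> str:
        # LAN hosts must point at the Green address, never the Red one.
        return str(self.green.ip)


def gateway_on_link(client: str, gateway: str) -> bool:
    """True if the gateway address lies inside the client's own subnet."""
    return ip_address(gateway) in ip_interface(client).network


# Aaron's plan: Red on the 192.168.100.0/24 link to the router, Green on the
# 92.20.0.0/16 LAN.
PLANNED = TwoLegFirewall("192.168.100.2/24", "92.20.0.1/16")
# The layout the former colleague warned about: both legs on the same Class B.
CLASHING = TwoLegFirewall("92.20.0.11/16", "92.20.0.12/16")

if __name__ == "__main__":
    print("planned box runs as a", PLANNED.mode())
    print("clashing box could only be a", CLASHING.mode())
    print("LAN host to 92.20.5.7 leaves via", PLANNED.egress("92.20.5.7"))
    print("LAN host to 203.0.113.5 leaves via", PLANNED.egress("203.0.113.5"))
    print("clients should use gateway", PLANNED.lan_gateway())
    print("can 192.168.100.2 be a LAN gateway?",
          gateway_on_link("92.20.1.50/16", "192.168.100.2"))
```

With the planned addressing the box reports "router", LAN-to-LAN traffic stays on Green, Internet-bound traffic leaves on Red, and the Red address 192.168.100.2 is rejected as a gateway for a 92.20.x.x client, which is why the clients' gateway has to become the Green address rather than the old 92.20.0.10 router entry.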


Dom

posted on 12th Feb 07 at 22:38

As Smoothwall is NAT'd, I believe you need to set each system to have the gateway of the Smoothwall rather than the router. I'm not too sure that Smoothwall can just be run as a firewall without NAT'ing the connection etc.

Would be worth asking on the Smoothwall forums, as I'm not 100% to be honest :)


Aaron

posted on 12th Feb 07 at 20:45

Also..

At the moment I have the default gateway for the client machines set to 92.20.0.10 (router)...once I implement this setup I'll need to take that out, right?


Aaron

posted on 12th Feb 07 at 20:43

The fact that we have no NATting at the moment is a bit of a problem, which is why I've looked at doing it the way in the diagram (with the 192.168.100.1/2 addresses)

I'd like to set our LAN to a private range address during the summer holidays, I don't have enough time to get round everything during this half term.
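Dom's point that a NAT'd Smoothwall has to be the clients' gateway, and Aaron's question about dropping the 92.20.0.10 gateway entry, come down to how source NAT keeps state. The model below is an added example, not code from the thread or from Smoothwall: it rewrites outbound packets to the Red address, undoes the rewrite only for replies that match a recorded mapping, and shows that a client still pointing at the router never passes through the firewall at all. The Red address 192.168.100.2 and router 192.168.100.1 are from the thread's diagram; the client, Green and server addresses are constructed.

```python
# Added example (not from the thread or Smoothwall): a small source-NAT model
# with a connection-tracking table, to show why LAN clients must use the
# firewall's Green address as their gateway once NAT is in play.
# Thread values: Red 192.168.100.2, router 192.168.100.1. Constructed values:
# Green 192.168.1.1, client 192.168.1.20, server 203.0.113.5.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Masquerade:
    """Source NAT on the Red interface with a connection-tracking table."""

    def __init__(self, red_ip: str, first_port: int = 1024):
        self.red_ip = red_ip
        self.next_port = first_port
        self.table = {}  # (src, sport, dst, dport) -> port used on Red

    def outbound(self, pkt: Packet) -> Packet:
        # Rewrite the private source to the Red address and a fresh port,
        # remembering the mapping so the reply can be translated back.
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        return Packet(self.red_ip, self.table[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        # Only a packet matching an existing mapping is translated back to the
        # client; anything unsolicited has no state and is dropped (None).
        if pkt.dst != self.red_ip:
            return None
        for (src, sport, dst, dport), nat_port in self.table.items():
            if nat_port == pkt.dport and dst == pkt.src and dport == pkt.sport:
                return Packet(pkt.src, pkt.sport, src, sport)
        return None


def traverses_firewall(client_gateway: str, green_ip: str) -> bool:
    """A client only hands Internet-bound traffic to the firewall when the
    firewall's Green address is its default gateway."""
    return client_gateway == green_ip


def round_trip(nat: Masquerade, client_gateway: str, green_ip: str) -> str:
    """Walk one request and its reply through the model and name the outcome."""
    request = Packet("192.168.1.20", 50000, "203.0.113.5", 80)  # constructed
    if not traverses_firewall(client_gateway, green_ip):
        return "bypassed-firewall"  # gateway still points at the router
    translated = nat.outbound(request)
    reply = Packet(request.dst, request.dport, translated.src, translated.sport)
    back = nat.inbound(reply)
    if back is not None and back.dst == request.src and back.dport == request.sport:
        return "delivered"
    return "lost"


if __name__ == "__main__":
    nat = Masquerade("192.168.100.2")
    print("gateway = Green:", round_trip(nat, "192.168.1.1", "192.168.1.1"))
    print("gateway = router:", round_trip(nat, "192.168.100.1", "192.168.1.1"))
    stray = Packet("203.0.113.9", 4444, "192.168.100.2", 1024)  # constructed
    print("unsolicited inbound:", nat.inbound(stray))
```

Two things fall out of running it: the reply is only delivered when the request went out through the box (so the state entry exists), and an unsolicited inbound packet to the Red address finds no entry and is dropped, which is the protective side-effect of NAT the thread is after.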


Dom

posted on 12th Feb 07 at 20:26

Steve, you're probably thinking of Snort which is a firewall (IDS), which is another route Aj could go down - installing it on a Linux distro (might be worth looking at).
But Smoothwall is pretty simple to set up and is capable of doing a lot more than just a basic firewall :)


Aaron

posted on 12th Feb 07 at 19:43

Our cache is a Squid box :|

I don't think it's designed as a firewall tho


Steve

posted on 12th Feb 07 at 18:54

Use a proxy as your firewall, install something like Squid caching proxy with Red Hat on it


Dom

posted on 12th Feb 07 at 18:19

No worries, let us know how you get on :)
Btw, I would recommend that you sign up to the Smoothwall forum, helped me out loads when I didn't have a clue with Linux and Smoothwall :lol:

Oh, and when you get it up and running have a look > here < and look at the IDS (Snort) mods, especially the rules update (+automatic extension), as the rules don't get updated on Smoothwall as standard. :)


Aaron

posted on 12th Feb 07 at 17:59

Excellent :)

Yeah the cache will need to stay because it's a video cache as well as web.

I'll have to do some more work on it tomorrow and get in touch with you if I need any help. The caretakers kicked us out early today so I couldn't finish what I was doing on it.

Thanks for the offer of help also :thumbs:

[Edited on 12-02-2007 by Aj.]


Dom

posted on 12th Feb 07 at 17:56

I run Smoothwall on my home network here and it does web cache/proxy (as long as you have a decent spec system with plenty of RAM) and it works well, so you might be able to kill two birds with one stone there - eg:

Internet----Router-----Smoothwall-----LAN

But yes it should work fine and you can customise it until the cows come home :thumbs:

p.s - not sure about your IP addresses though, it would be
92.20.0.10 (router) -> (92.29.0.11) Smoothwall -> (192.168.x.x) LAN, that's if you didn't have the separate web cache server etc

p.p.s - if you need a hand setting up Smoothwall, give us a shout. I'm not an expert at it but I know my way around it fairly well :)


Aaron

posted on 12th Feb 07 at 17:14

Stupid Visio..it's cut off some text. :mad:

Internet----Router-----Firewall-----Web Cache-----LAN


Aaron

posted on 12th Feb 07 at 17:14

Ok..I want to put a firewall into the school I work in. The only firewall we currently have is the one at our ISP...and it isn't good enough IMO.

Our LEA have given us a Class B address and we currently have no NATting, therefore the addresses on our LAN are 92.20.x.x

My question is would this setup work?

I would like to have got a SonicWall but we can't afford it. I have now looked down the open source avenue and quite like the look of Smoothwall.

This side of networking is quite new to me, I am more used to working with Active Directory etc

Any pointers would be great