On Mon, 14 Oct 2002, David Bourgeois wrote:

> I would like to set up a linux box as gateway - firewall and NAT (maybe
> DHCP too) for a network of SUN workstations, windows (98, XP, 2000) PC's
> and macs.
>
> I don't care about win and mac's security but would like the SUN
> network to be as secure as possible. As I guess win can be easily
> compromised or in our case, untrusted persons can have access to it, I
> thought of physically separating the unix network from the others by
> using 2 subnets (three network cards on the gateway). So having two
> private networks, I can filter what goes from one to the other with the
> gateway's firewall (iptables in my case).
>
> Is this the right way to do what I would like? Do you see any problem
> worth pointing out? Any recommendation would be welcome.
>
> Thanks,
> David Bourgeois

You should have security for the windows/mac on the firewall itself. If you can, get a mail filter to remove some of the problems with security in windows.

Your idea is sound, but don't forget to treat traffic coming from the mac/win part as being traffic from the internet (and vice versa). Also make sure that the physical network is distinct (e.g. 1 network card for the sun network, 1 for internet, 1 for win/mac).
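As an added example (not from either poster), here is a three-NIC iptables rule set that implements the reply's advice: the win/mac segment is treated like the internet from the SUN segment's point of view, the FORWARD policy is default DROP, each private segment may only source packets from its own subnet, and outbound traffic to the internet is masqueraded. The interface names (eth0/eth1/eth2), the subnets, and the SSH-from-SUN-only admin rule are assumptions; the DHCP rules cover the "maybe DHCP too" part of the question and can be dropped if the gateway does not serve DHCP. `-m state` is used rather than the newer `-m conntrack` so the script also fits iptables of that era.

```shell
#!/bin/sh
# Added example: three-NIC gateway rule set for the SUN / win-mac / internet
# layout discussed in the thread. Interface names and subnets are assumptions.
WAN=${WAN:-eth0}                 # card facing the internet
SUN=${SUN:-eth1}                 # card on the trusted SUN segment
WINMAC=${WINMAC:-eth2}           # card on the untrusted windows/mac segment
SUN_NET=${SUN_NET:-10.0.1.0/24}
WINMAC_NET=${WINMAC_NET:-10.0.2.0/24}

# ipt runs iptables, or prints the command when DRY_RUN=1 so the policy
# can be reviewed without root and without touching the live firewall.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

gen_rules() {
    ipt -F; ipt -X; ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Gateway itself: loopback, replies, admin SSH only from the SUN side,
    # and DHCP requests from both private segments (assumed DHCP server).
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$SUN" -s "$SUN_NET" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    ipt -A INPUT -i "$SUN" -p udp --dport 67 -j ACCEPT
    ipt -A INPUT -i "$WINMAC" -p udp --dport 67 -j ACCEPT

    # Anti-spoofing: a private subnet may only appear as source on its own
    # card, and never on the internet-facing card.
    ipt -A FORWARD -i "$SUN" ! -s "$SUN_NET" -j DROP
    ipt -A FORWARD -i "$WINMAC" ! -s "$WINMAC_NET" -j DROP
    ipt -A FORWARD -i "$WAN" -s "$SUN_NET" -j DROP
    ipt -A FORWARD -i "$WAN" -s "$WINMAC_NET" -j DROP

    # Replies to connections that were allowed below.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Both private segments may open connections to the internet.
    ipt -A FORWARD -i "$SUN" -o "$WAN" -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i "$WINMAC" -o "$WAN" -m state --state NEW -j ACCEPT

    # SUN may open connections towards win/mac (treated like going out to the
    # internet); win/mac may not open anything towards SUN (treated like the
    # internet coming in). Log the attempts, then drop them.
    ipt -A FORWARD -i "$SUN" -o "$WINMAC" -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i "$WINMAC" -o "$SUN" -j LOG --log-prefix "winmac->sun: "
    ipt -A FORWARD -i "$WINMAC" -o "$SUN" -j DROP

    # Anything else reaching FORWARD falls through to the DROP policy.
    # NAT for everything leaving through the internet card.
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Print the rule set instead of loading it.
show_rules() {
    ( DRY_RUN=1; gen_rules )
}

# Load the rule set and enable forwarding (needs root).
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    gen_rules
}

case "${1:-}" in
    show)  show_rules ;;
    apply) apply_rules ;;
esac
```

Run `sh gateway.sh show` to review the rules, and `sh gateway.sh apply` as root to load them. Because FORWARD defaults to DROP, adding a service the win/mac hosts may reach on the SUN side means adding an explicit ACCEPT for that port before the win/mac-to-SUN DROP rule; nothing is reachable by omission.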