Router + firewall + NIDS questions

Warren Togami warren at togami.com
Sun Aug 26 00:48:15 PDT 2001


Intriguing idea with the additional NICs for isolation.  The iptables rules
configuration will be much more complicated, but the resulting config will
be very secure and powerful.

Maybe you can avoid buying a wireless access point entirely and do Point to
Point connections.  Rather than iptables disabling routing during times of
the day, you could schedule cron jobs to disable the entire wireless card on
the server, then reenable later in the day.  I haven't tried point to point
or disabling cards, but I'm sure it is possible.

----- Original Message -----
From: <beesond001 at hawaii.rr.com>
To: "Linux & Unix Advocates & Users" <luau at list.luau.hi.net>
Sent: Saturday, August 25, 2001 9:26 PM
Subject: [luau] Re: Router + firewall + NIDS questions


Warren,

Thanks for the point out to your guide.

What you mention below is pretty much what I am interested in doing.
So, is this a two NIC + hub project, or can I run this as say a four NIC
project, one for cable modem, one for VALinux, one for the Sparc, and one
for the two wireless clients?  The reason I ask this is that I think it
may be easier to limit access by routing/firewall rules if I need to do
that.  For instance, I could easily firewall anything to and from eth3
from 10pm until 5pm the following day if I need to.  This would leave
that connection open only when the kids would be at home and doing
homework etc.

You may also have some comments about what I wrote to Joe Paleafei via
separate reply.  If so, I would be interested to hear what they are.

As I mentioned to Joe, this is a learn as I go project, so any pointers
you or anyone else offer will be greatly appreciated.

Thanks in advance for all your help,

Ben
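
The time-window idea discussed in this thread (closing eth3 from 10pm until 5pm the following day, driven by cron), sketched as an added example that is not part of either message. It assumes eth3 is the NIC for the wireless clients and uses a hypothetical chain name, KIDS_WLAN; the script derives the desired state from the clock on every run, so a reboot or a missed cron job inside the window does not leave the segment open.

```shell
#!/bin/sh
# Added example: time-gated forwarding for the wireless segment.
# Assumptions: eth3 is the wireless-client NIC; KIDS_WLAN is a hypothetical chain name.
#
# One-time setup (run as root):
#   iptables -N KIDS_WLAN
#   iptables -I FORWARD -i eth3 -j KIDS_WLAN
#   iptables -I FORWARD -o eth3 -j KIDS_WLAN
#
# Crontab entries (script path is a placeholder):
#   0 22 * * *  /usr/local/sbin/wlan-window.sh
#   0 17 * * *  /usr/local/sbin/wlan-window.sh
#   @reboot     /usr/local/sbin/wlan-window.sh

CHAIN=KIDS_WLAN
BLOCK_START=2200   # 10pm
BLOCK_END=1700     # 5pm the following day (window wraps past midnight)

# in_block_window HHMM -> exit status 0 if HHMM falls inside the block window
in_block_window() {
    now=$(printf '%s' "$1" | sed 's/^0*//')   # strip leading zeros (0030 -> 30)
    now=${now:-0}                             # 0000 -> 0
    if [ "$BLOCK_START" -le "$BLOCK_END" ]; then
        # window within a single day
        [ "$now" -ge "$BLOCK_START" ] && [ "$now" -lt "$BLOCK_END" ]
    else
        # window wraps midnight: late evening OR before the end time
        [ "$now" -ge "$BLOCK_START" ] || [ "$now" -lt "$BLOCK_END" ]
    fi
}

# policy_cmds HHMM -> prints the iptables commands for that time of day.
# An empty user chain returns to FORWARD, so "open" is just a flush.
policy_cmds() {
    echo "iptables -F $CHAIN"
    if in_block_window "$1"; then
        echo "iptables -A $CHAIN -j DROP"
    fi
}

# Dry run by default; set APPLY=1 (as root) to execute the commands.
if [ "${APPLY:-0}" = 1 ]; then
    policy_cmds "$(date +%H%M)" | sh
fi
```
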


