Internet through Firewall

[netwalker1]

I need to install an Internet Machine using the following senario :

Users --> Firewall --> Internet Machine --> Router --> Internet

All the users should connect to the Internet Machine as a client/server mode - so that when they browse the Internet they actually not connecting directly to the Internet ..

The Internet Machine should has a WebContent Software - and a Good - resonable AntiVirus System ..

The Internet Machine could be Windows or Linux

Any Suggestions ?


Mohamed Farid
[green]Know Me No Pain , No Me Know Pain !!![/green]

 

[usalabs3]

why would you want that scenario?, the router can block internal ip's if a particular user is abusing the system via an admin page of the router.

My setup I use at the moment is like this:-

Internet
|
Pc Configured as Firewall
| |
Server-----------| |
|
-------------------Router--------------------
| | |
| | |
| | |
User 1 user 2 user 3

The firewall Pc is running Linux and has 3 lan cards.

The other Pc's run windows xp, the router has a logging system via the admin panel, that can be analyzed to see which pc is being used for scrupulous uses, and that pc's internal IP can be blocked by the router if needed, but, the other Pc's only have limed access accounts which prevent users from changing the tcp/ip ip address of any particular pc.

I don't know if this is what you're looking for, but this setup works for me.

 

[netwalker1]

what are the software you are using with your Linux Box ?

Mohamed Farid
[green]Know Me No Pain , No Me Know Pain !!![/green]

 

[usalabs3]

I'm using mandrake for the linux box

 

[netwalker1]

In my situation ,,

Users --> Firewall --> Linux Box --> Router --> Internet

How can I setup the Linux Box + give the user the remote DiskTop connection on it ?

Mohamed Farid
[green]Know Me No Pain , No Me Know Pain !!![/green]

 

[Sympology]

If you don't have any joy in this forum, try:

http://www.tek-tips.com/threadminder.cfm?pid=849

It's the proxy server forum.

Stu..

Only the truly stupid believe they know everything.
Stu.. 2004

 

[usalabs3]

You didn't explain if there are going to be multiple Pc's or different users on the same Pc.

If multiple pc's I suggest this scenario:-

User1<-->|
User2<-->|<--Router<--firewall<--Internet (highspeed modem)
User3<-->|
User4<-->|

This setup is if the router has a 4 port switch, if not, you'll have to connect each pc to a multport switch, then connect that switch to the router.

I setup this scenario for someone with 8 computers in their house, and each pc is running windows xp with Norton Internet Security 2005, connected to an eight port data switch, then to the router, then to the highspeed cable modem.

The router issues each computer it's own internal IP address, and thus is not directly connected to the internet.

For example, if you have an internet IP address of 49.65.123.10 the router uses that IP address to connect to the internet, but internally, the router issues IP addresses with 192.168.x.x (x=anything from 0-255) to each computer connected to the router, thus, in effect hiding each computer from the internet, because 192.168.x.x is an invalid internet IP address.

Most routers have an internal firewall that can be set using an admin page, which means that port scanners etc, are not actually scanning your pc's but scanning the router for open ports in the firewall that connect to a pc, unless of course, you set a particular pc as a server and open it to the internet using dmz in the router, (dmz=DeMilitarized Zone), which opens all ports on a particaular internal IP address.

I hope this was useful.

 

[usalabs3]

Addendum to last post......

Using this scenario, each pc can still share it's resources without opening them up to the internet, by blocking port 143 in the router.