Hello,

I would like your helpful suggestions to improve a network setup. The current setup is as follows:

<ISP>---<ADSL Router>---<HUB>---<LAN1>
|
<3com firewall>---<DMZ: POP3 downloader PC>---<Digital Line>
|
<LAN2>

Considering that my department wants to eliminate the Digital Line soon because it is too expensive and that they wish to keep the 3com router, I thought of the following setup:

<ISP1>---<ADSL Router 1>--
|
<ISP2>---<ADSL Router 2>---<Linux Shorewall>---<HUB>---<LAN1>
|
<3com firewall>---<HUB>---<DMZ router port: LAN3>
|
<LAN2>

<Linux Shorewall> would be a shorewall router with various services such as Squid proxy, QoS, Dansguardian content filtering, fetchmail, Antivirus, etc.

<DMZ router port: LAN3> is a 10 PC network which should be protected so that traffic LAN3 to LAN2 is ALLOWED and LAN2 to LAN3 is BLOCKED (would set this in the 3com device).

Would appreciate comments on this setup.

As a side-question, does anyone know if I can use QoS on the Linux Shorewall (with Squid HTTP proxy) and shape HTTP traffic according to certain LAN IPs? (would like to force everyone to use the proxy but would like to do QoS according to LAN IPs) I'm not sure how to do this since it's the proxy on the shorewall machine that will be generating the HTTP request for the LAN PCs.

Thanks in advance for any tips.

Vieri

It seems that I didn't send the ASCII network setup correctly. Let me re-post (sorry):

1st setup:

<ISP>---<ADSL Router>---<HUB>---<LAN1>
|
<LAN2>---<3com firewall>---<DMZ: POP3 downloader PC>---<Digital Line>

2nd setup:

<ISP1>---<ADSL Router 1>--
|
<ISP2>---<ADSL Router 2>------<Linux Shorewall>
|
<DMZ port: LAN3>---<3com firewall>---<HUB>---<LAN1>
|
<LAN2>

--- Vieri Di Paola <vieridipaola@yahoo.com> wrote:

> Hello,
>
> I would like your helpful suggestions to improve a
> network setup. The current setup is as follows:
>
> <ISP>---<ADSL Router>---<HUB>---<LAN1>
> |
> <3com firewall>---<DMZ: POP3 downloader PC>---<Digital Line>
> |
> <LAN2>
>
> Considering that my department wants to eliminate the
> Digital Line soon because too expensive and that they
> wish to keep the 3com router,
> I thought of the following setup:
>
> <ISP1>---<ADSL Router 1>--
> |
> <ISP2>---<ADSL Router 2>---<Linux Shorewall>---<HUB>---<LAN1>
> |
> <3com firewall>---<HUB>---<DMZ router port: LAN3>
> |
> <LAN2>
>
> <Linux Shorewall> would be a shorewall router with
> various services such as Squid proxy, QoS,
> Dansguardian content filtering, fetchmail, Antivirus,
> etc.
> <DMZ router port: LAN3> is a 10 PC network which
> should be protected so that traffic LAN3 to LAN2 is
> ALLOWED and LAN2 to LAN3 is BLOCKED (would set this in
> the 3com device)
>
> Would appreciate comments on this setup.
>
> As a side-question, does anyone know if I can use QoS
> on the Linux Shorewall (with Squid HTTP proxy) and
> shape HTTP traffic according to certain LAN IPs?
> (would like to force everyone to use the proxy but
> would like to do QoS according to LAN IPs) I'm not
> sure how to do this since it's the proxy on the
> shorewall machine that will be generating the HTTP
> request for the LAN pcs.
>
> Thanks in advance for any tips.
>
> Vieri