[lug] Setting up a firewall...
Brian Jarrett
BrianJ at StorageSoft.com
Fri Jul 21 10:24:01 MDT 2000
Scenario: Anti-Linux Boss just bought a Linux-based "firewall" for our
Class C network. (I think hell is about to freeze over!) The company
selling this low-end model is saying that we have to use
"non-routable" IP addresses (reserved addresses like 192.168.x.x) behind the
firewall. They are also telling my boss that our web servers, etc. will
have to be on their own in our Class C network so that the Internet has
access to them.

So it appears that this is the case with this low-end firewall solution. It
won't do port forwarding, but it will do NAT. Setup of the firewall seems
to only allow "non-routable" addresses on the LAN side of the box.

Question: Am I wrong, or wouldn't we just be better off setting up our own
Linux system as a firewall? Since we have a Class C, I see no reason not to
use the addresses allocated. I would think that we could use the firewall
to restrict IP traffic to port 80 for our web servers, and so on, but still
use our Class C, which would protect all our machines, not just the
workstations.

Does anyone have some other suggestions? I know a lot about TCP/IP, but I'm
just now getting into the security side of things. I'll probably end up
setting up whatever we decide to do.

Brian