Chapter 3. Document Goals

In our example we will configure a firewall located between two networks: an external, untrusted network (192.168.1.0/24) and an internal, trusted network (10.0.99.0/24). Table 3-1 lists the servers and their IP addresses.

Table 3-1. Server Addresses

Server                          Address
Firewall (external interface)   192.168.1.81
Firewall (internal interface)   10.0.99.1
Administrator's host            192.168.1.150
Mail server                     10.0.99.11
DNS server                      10.0.99.12
Web server                      10.0.99.13
SIMAP/SPOP3 server              10.0.99.11

In your environment the 192.168.1.0/24 network used here could represent your external network or the Internet, and the 10.0.99.0/24 network could be your internal network. In this type of scenario the firewall is made to look, from the external network, like a group of servers (for example DNS, SMTP, FTP, HTTP, etc.). The Internet-facing interface (represented here by 192.168.1.81) receives the packets for all of these services and forwards each to the appropriate server on the internal network (represented here by 10.0.99.0/24), which sits in private IP address space. This is different from having a group of servers in a publicly addressable DMZ. Because every service shares the one external address, each forwarded service is distinguished by its port, so two internal servers cannot both receive the same service port from that address; note also that the mail server and the SIMAP/SPOP3 server in Table 3-1 are the same host (10.0.99.11). I chose this example because the firewall configuration it requires exercises more of the WebTool's functionality and gives the reader a broader base of information. It is also useful when you have a very small group of public IP addresses; in fact it can be used when there is only one public IP address to represent a group of servers and services. In addition to this our example will accomplish the following:

Note

A general note about defining networks. Networks in the Guardian Digital WebTool are defined in CIDR notation, so for example the network 192.168.1.0 with a netmask of 255.255.255.0 would be defined as 192.168.1.0/24 (the /24 is the number of leading bits in the netmask). You will need a general grasp of how CIDR notation works or you may misconfigure the firewall in certain instances, for example by entering a host address such as 192.168.1.81/24 where a network address is expected. If CIDR is new to you, research how it works before continuing the firewall configuration.

Note

IP addresses fall into public and private address space. The public address space consists of addresses that can be routed across the Internet. The private address space consists of the blocks reserved by RFC 1918 (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) for use in private networks that are not directly connected to the Internet; Internet routers do not carry traffic for these addresses, which is why the internal servers in this example are reachable from outside only through the firewall's forwarding. Note that both networks in our example, including the "external" 192.168.1.0/24, are in private space; that network stands in for a public network purely for the purpose of the example. Understanding these concepts is absolutely necessary before continuing the firewall configuration. If you are not totally familiar with the distinction between public and private IP addresses, stop here and research these concepts.
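The two notes above (CIDR notation and public versus private address space) are the points on which the firewall configuration is most easily got wrong, so here is a small script that checks an address plan like Table 3-1 before it is typed into the WebTool. It is an added example and not part of the Guardian Digital WebTool or its documentation; it uses only Python's standard ipaddress module. The server table is copied from Table 3-1; the function names (to_cidr, prefix_length, is_valid_network, address_scope, check_plan) and the expected-side column are assumptions made for the example.

```python
"""Sanity checks for a CIDR-defined address plan such as Table 3-1.

Added example; not code from the Guardian Digital WebTool or its documentation.
Function names and the "expected side" column are assumptions for this example.
"""
import ipaddress

# Networks written the way the WebTool expects them: CIDR notation.
EXTERNAL = ipaddress.ip_network("192.168.1.0/24")
INTERNAL = ipaddress.ip_network("10.0.99.0/24")

# Table 3-1, with the side of the firewall each host is expected to sit on
# (the side is our assumption, derived from the text, not part of the table).
SERVERS = {
    "Firewall (external interface)": ("192.168.1.81", EXTERNAL),
    "Firewall (internal interface)": ("10.0.99.1", INTERNAL),
    "Administrator's host": ("192.168.1.150", EXTERNAL),
    "Mail server": ("10.0.99.11", INTERNAL),
    "DNS server": ("10.0.99.12", INTERNAL),
    "Web server": ("10.0.99.13", INTERNAL),
    "SIMAP/SPOP3 server": ("10.0.99.11", INTERNAL),
}


def prefix_length(netmask: str) -> int:
    """Prefix length of a dotted netmask, e.g. 255.255.255.0 -> 24."""
    return ipaddress.ip_network(f"0.0.0.0/{netmask}").prefixlen


def to_cidr(network: str, netmask: str) -> str:
    """Convert "network + dotted netmask" into the CIDR form the WebTool wants.

    strict=True makes ipaddress raise ValueError if host bits are set, so a
    host address such as 192.168.1.81/255.255.255.0 is rejected rather than
    silently accepted as a network definition.
    """
    return str(ipaddress.ip_network(f"{network}/{netmask}", strict=True))


def is_valid_network(network: str, netmask: str) -> bool:
    """True only if `network` really is a network address under `netmask`."""
    try:
        to_cidr(network, netmask)
        return True
    except ValueError:
        return False


def address_scope(addr: str) -> str:
    """'private' for addresses ipaddress classes as non-globally-routable
    (RFC 1918 space among others), otherwise 'public'."""
    return "private" if ipaddress.ip_address(addr).is_private else "public"


def check_plan(servers: dict) -> list:
    """Return human-readable problems with the plan; an empty list means OK.

    Checks that each host lies inside the network for its side of the
    firewall and that nobody has been given the network or broadcast address.
    """
    problems = []
    for name, (addr, expected_net) in servers.items():
        ip = ipaddress.ip_address(addr)
        if ip not in expected_net:
            problems.append(f"{name}: {addr} is not inside {expected_net}")
        elif ip in (expected_net.network_address, expected_net.broadcast_address):
            problems.append(f"{name}: {addr} is the network or broadcast address of {expected_net}")
    return problems


if __name__ == "__main__":
    print("192.168.1.0 / 255.255.255.0 ->", to_cidr("192.168.1.0", "255.255.255.0"))
    print("192.168.1.81 as a network?", is_valid_network("192.168.1.81", "255.255.255.0"))
    for name, (addr, _) in SERVERS.items():
        print(f"{name:32} {addr:16} {address_scope(addr)}")
    print("problems:", check_plan(SERVERS) or "none")
```

Running it shows that every address in Table 3-1 is private (including the "external" 192.168.1.0/24 side), that 192.168.1.0/255.255.255.0 becomes 192.168.1.0/24, and that a host address with a /24 mask is refused as a network definition. Reusing check_plan on your own table, with the expected side filled in from your own topology, catches a host placed on the wrong side of the firewall before any rule is written.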