Specifications

Protocol  icmp               ftp    ssh    smtp   http   https  ...
Client    internal external  i. e.  i. e.  i. e.  i. e.  i. e.
host1     x x x x
host2     x x x
host3
...
hostn
With the help of such a communication matrix, you can obtain an overview of
the communication constellations within the network. This simplifies the
configuration of your network and error analysis.
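
The following is an added example, not part of the original manual: it encodes a communication matrix as text and lists observed connections that the matrix does not permit, which is the error-analysis use mentioned above. The matrix entries, the internal prefix 192.168.0.0/16 and the flow records are constructed assumptions.

```python
import ipaddress

# Constructed matrix (not the page's entries): "i" = internal, "e" = external.
MATRIX_TEXT = """\
client  icmp  ftp  ssh  smtp  http  https
host1   i     -    i    i     ie    ie
host2   i     -    i    -     e     e
host3   -     -    -    -     -     -
"""

# Assumption: everything inside these prefixes counts as "internal".
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]

def parse_matrix(text):
    """Return {client: {protocol: set of allowed zones ('i', 'e')}}."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    protocols = rows[0][1:]
    matrix = {}
    for client, *cells in rows[1:]:
        if len(cells) != len(protocols):
            raise ValueError(f"row for {client} has {len(cells)} cells")
        matrix[client] = {p: set(c) - {"-"} for p, c in zip(protocols, cells)}
    return matrix

def zone_of(dst_ip):
    """Classify a destination address as internal ('i') or external ('e')."""
    addr = ipaddress.ip_address(dst_ip)
    return "i" if any(addr in net for net in INTERNAL_NETS) else "e"

def audit(matrix, flows):
    """Return the flows that the matrix does not permit (default deny)."""
    violations = []
    for client, protocol, dst_ip in flows:
        allowed = matrix.get(client, {}).get(protocol, set())
        if zone_of(dst_ip) not in allowed:
            violations.append((client, protocol, dst_ip))
    return violations

# Constructed flow records: (client, protocol, destination address).
FLOWS = [
    ("host1", "https", "203.0.113.10"),  # permitted: https to external
    ("host2", "smtp", "192.168.1.25"),   # smtp is not marked for host2
    ("host2", "http", "192.168.1.80"),   # http is marked external only
    ("host9", "ssh", "198.51.100.7"),    # client missing from the matrix
]

if __name__ == "__main__":
    print(audit(parse_matrix(MATRIX_TEXT), FLOWS))
```
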
Typical Firewall Setups
This section gives a brief overview of the most typical firewall setups. All the
configurations presented below can be implemented with the SuSE Firewall on
CD.
Figure 1.1: Very Basic Setup
Figure 1.1 shows a firewall with three network interfaces: an external one to
connect to the Internet and two internal ones connecting with the corporate
network via LAN or HUB and with the DMZ (demilitarized zone) using another
HUB. With this setup, the firewall has to perform all the functions of the default
gateway (router) and the packet filter. The internal network would be left
completely open if the firewall were infiltrated.
The setup shown in Figure 1.2 on the facing page is still a relatively simple one.
The DMZ is only protected by a packet filter on the router (screening router).
The setup shown in Figure 1.3 on the next page is still not very complicated, but
provides much better protection than the previous ones. A “screening router