Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] How many firewalls?
  • From: "Dr. Harro Rosner" <ros@xxxxxxx>
  • Date: Wed, 16 Jan 2002 08:55:54 CET-1CDT
  • Message-id: <20020116090221.ACEB138AF@xxxxxxxxxxxxxxxx>
> Hi!
>
> I want to set a up a DMZ in my school.
> The only thing I want to know, is:
>
> - Internet -> HARDWARE-ROUTER -> FW -> DMZ -> FW -> Intranet
>
> or
>
> - Internet
> |
> |
> Hardware-Router
> |
> |
> |
> FW
> DMZ _______/\______Intranet
>
> (I hope, this ascii art is good enough... :-/)
>
> Our school has no good connection and low traffic but this is for a
> skilled work (the german term is 'Facharbeit') and so I want a really
> secure thing (no, I won't cut the cable ;-D).
>
> Any comments or proposals?
>
> Thanks,
> Max

Hi Max,

I would prefer the first setup, because it better protects your
internal network. If you for instance face a DoS-attack, the first FW
acts as a bastion host.
In the first setup you are also better able to place
application-layer proxies in your DMZ to filter traffic from internet
to your schoolnet and vice versa.
I suggest you reading the "Firewall - Handbuch" (in german) at

http://www.little-idiot.de/firewall/zusammen.html by Guido Stepken

btw.: nomen *non* est omen in this this case

kindly regards
Mit freundlichen Grüßen

Dr. H. Rosner
Stadtverwaltung Jena
Hauptamt / Datenverarbeitung

Tel: 03641 49 4181
Fax: 03641 49 4167
eMail: ros@xxxxxxx

< Previous Next >
References