Firewalling existing Linux/Windows network

Hi,

We have a small cluster of machines running on a network with other
groups. We are currently firewalling ourselves with a Linux
Bridge-Firewall between our group and the rest of the network, something
like this

world <-> Physics.subnet <-> Bridge-Firewall <-> CMP.subnet

where Physics and CMP are on the same subnet (and no, we can't really
change that otherwise it'd be a lot easier).

We're currently having some problems and the hardware is old and skanky
so I was thinking the easiest thing to do is get a little dedicated
'firewall' box to handle this for us cos maintaining the Linux bridge is
cumbersome and beyond the talents of the person looking after it all
now.

Can anyone suggest a suitable all-in-one box that could take over the
job of the Linux Bridge-Firewall? Low maintenance is a priority, it just
needs to filter packets and not get in the way (ie invisible slot in)
and being adminable from Linux (via web would be fine) is a bonus but
not a priority.

Cheers,
Frink

--
Doctor J. Frink : 'Rampant Ribald Ringtail'
See his mind here : http://www.cmp.liv.ac.uk/frink/
Annoy his mind here : pjf at cmp dot liv dot ack dot ook
"No sir, I didn't like it!" - Mr Horse

"Doctor J. Frink" wrote:
>
> Hi,
>
> We have a small cluster of machines running on a network with other
> groups. We are currently firewalling ourselves with a Linux
> Bridge-Firewall between our group and the rest of the network, something
> like this
>
> world <-> Physics.subnet <-> Bridge-Firewall <-> CMP.subnet
>
> where Physics and CMP are on the same subnet (and no, we can't really
> change that otherwise it'd be a lot easier).
>
> We're currently having some problems and the hardware is old and skanky
> so I was thinking the easiest thing to do is get a little dedicated
> 'firewall' box to handle this for us cos maintaining the Linux bridge is
> cumbersome and beyond the talents of the person looking after it all
> now.
>
> Can anyone suggest a suitable all-in-one box that could take over the
> job of the Linux Bridge-Firewall? Low maintenance is a priority, it just
> needs to filter packets and not get in the way (ie invisible slot in)
> and being adminable from Linux (via web would be fine) is a bonus but
> not a priority.

Asking how to eliminate Linux on a Linux NG isn't likely to elicit too
many answers I would have thought.

Try uk.comp.security.

Regards, Ian

On Sat, 20 Sep 2003 21:34:53 +0100, Ian Northeast
<(E-Mail Removed)> wrote:

>Asking how to eliminate Linux on a Linux NG isn't likely to elicit too
>many answers I would have thought.

This isn't advocacy. This is trying to match the functionality of a
*linux* machine in dedicated hardware. If I was there it would be
reconfigured or transferred to another machine. But I'm not. As someone
here might have used the Linux bridge-ipchains/iptables setups *and*
standard off the shelf kit I thought it might be good place to ask.

>Try uk.comp.security.

I will.

Cheers,
Frink

--
Doctor J. Frink : 'Rampant Ribald Ringtail'
See his mind here : http://www.cmp.liv.ac.uk/frink/
Annoy his mind here : pjf at cmp dot liv dot ack dot ook
"No sir, I didn't like it!" - Mr Horse