GBdirect: Firewalling with Linux

“Using a configuration like this it is simple to set up and
control web access for staff inside the firewall – they simply
point their browsers at the proxy on the inner firewall machine.
This setup also provides an excellent email service if wanted. …
Some organisations also choose to run the Samba software so that
the inner system can provide file and print sharing services for
Windows PCs.”

“The external connection to the Internet can be via ISDN
dial-up, using either a slot-in card on the outer proxy host or a
separate external router. If the usage grows to the point where a
permanent connection is required, there is no need to go to the
extra expense of purchasing a leased-line router; an X.21 card can
be plugged into the host instead.”

“The system is based on two machines running Linux from Red
Hat (Release 5.1). Each machine contains two Ethernet cards, and
runs both sendmail and Squid. The inner of the two machines will
accept only telnet, FTP, mail and web requests (via Squid). It
will only accept such connections from the machines on the internal
network or (optionally) from the outer machine. Telnet and FTP
requests are handled by the standard Linux telnet and FTP daemons.
Web requests are only accepted if they are directed to the squid
proxy on the inner machine. … Since the outer firewall machine is
not visible to any of the machines on the internal network web
requests are forced to go through the squid on the inner machine.
… The outer of the two machines will accept only mail delivery
requests from the outside world, thus providing protection against
unwanted connections. It will accept FTP and telnet connections
from the inner firewall machine, allowing remote maintenance of the
machine. It will also handle web requests via its own copy of
squid, thus providing web access. Mail is handled in a similar
waterfall fashion. The proxy (sendmail) on the outer machine
accepts mail for the relevant domains, but simply forwards it to
the proxy running on the inner firewall machine. In turn, this
sends the mail on to the machine(s) on the internal network that
actually handle the mail.”
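The chained web proxies the quotes describe, written out as an added Squid configuration example (not from the GBdirect article): the inner Squid accepts requests only from the internal LAN and hands every one of them to the outer Squid, which accepts only the inner firewall and fetches from the Internet itself. The hostnames, address ranges and port 3128 are assumptions, and the directive names are those of current Squid rather than the release shipped with Red Hat 5.1.

```conf
# ---- inner firewall: /etc/squid/squid.conf (constructed example) ----
http_port 3128
# Only the internal LAN may use this proxy (assumed address range).
acl localnet src 192.168.1.0/24
acl Safe_ports port 80 443 21
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
# Every fetch goes through the outer machine's Squid (assumed hostname);
# never_direct stops this host from ever contacting the Internet itself.
cache_peer outer-fw.example.internal parent 3128 0 no-query default
never_direct allow all

# ---- outer firewall: /etc/squid/squid.conf (constructed example) ----
http_port 3128
# Only the inner firewall may use this proxy (assumed address on the
# link between the two machines).
acl innerfw src 192.168.0.2/32
acl Safe_ports port 80 443 21
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow innerfw
http_access deny all
# No parent configured: this copy fetches directly from the Internet.
always_direct allow all
```

These ACLs only decide who may use each proxy; the restriction of the other services (telnet, FTP, mail) to the internal side described in the quotes is enforced separately by the hosts' packet filtering and daemon access controls.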