[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 314
  • Last Modified:

buil a solaris-based firewall

dear,

I'm planing to build a firewall by using one ultra 60 solaris 9 installed with Ipfitler.
The box a LAN card builtin and I would like to add another card (PCI card). The Buil-in (interface hme0) will go out to INTERNET through ISP (for instace: ext IP: 209.172.108.6)
The extra PCI card (eth1) will connect to a switch and then to my LAN included: 1 webserver, 1 database server, 1 FTp server, 1 mail server.

What configuration i should put on the eth1 card as well as my servers?
beside that, I'm not sure about hardware compatibility between SUN and any kind of PCI network card.

Can you expertes give me some insight?

Thanks alot. I'm grateful for your help
0
valleytech
Asked:
valleytech
  • 2
2 Solutions
 
NopiusCommented:
1) You may find some drivers for your PCI card. At least there is working 3COM driver for 3c905c ( http://sol-enet.sourceforge.net/index.shtml  http://www.confusioncentral.com/ethernet/ethernet.html ), it works. Some Solaris features are unavailable with this card, but you hardly need to worry about it.
2) Configuring ipfilter on Solaris is the same as on any other system. You should configure NAT. Read HOWTO: http://www.obfuscation.org/ipf/ipf-howto.html#TOC_29

0
 
valleytechAuthor Commented:
thanks for your comments.
My point is that: for instance

one eht0: i ipconfig like this:
ip: 209.172.108.4
dns: provided by my ISP

on eth1: 192.168.1.1. what subnet mask should it be? (simply 255.255.255.0??). What are gateway, primary dns and secondary dns for this inteface?

ON OTHER SERVERS (web, database)
eth0: 192.168.1.2
gateway: 192.168.1.1

are those correct?
thanks alot
0
 
NopiusCommented:
1) eth0 and eth1 are hardly network interface names on Solaris, just to be shure that you understand this :-)
2) not ipconfig, but ifconfig is used on Solaris to configure interfaces. man ifconfig
3) Solaris has system wide resolver, it's not an attribute of  your network card. So you will use only external ISP's DNS.
4) Netmask depends on your LAN design preferences only. And Yes 255.255.255.0 is a correct value for 192.168.x.x network.
5) On other servers there will be many addresses, gateway is correct, DNS server should be also be the same as on Solaris host.


0
 
gheistCommented:
Why not Solaris 10 ??? Why stick with old release for fresh instalation?

For any PCI netcard support:
Better ipfilter for Ultra 60:
http://www.netbsd.org/Ports/sparc64/
Not ipfilter, but mostly compatible with ipfilter config:
http://www.openbsd.org/sparc64.html

Athlon/Opteron will be cheaper today.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now