          =============Internet BackBone(s)==========
                                ^
                                |
                            ____v____
  WAN                      |         |
                           |   ISP   |
                           |  Router |
                           |_________|
                                ^
                                |
  ..............................|....................................
                                |
                                |
                           _____v_____  ....  ___________________
                          |           |      |                   |
                          | Fire Wall |      | Network Server(s) |
  Network                 |___________|......|___________________|
  Services                      ^                      ^
                                |                      .
                                |                      .
  ..............................|....................................
                                |                      .
                                v                      v
              ------------------+----------------------+------------
                    ^                                  ^
                    |                                  |
  LAN               |                                  |
  192.168.0.0   ____v___                           ____v___
               |        |                         |        |
               | User 1 |        o o o            | User n |
               |________|                         |________|
  ....................................................................
The Firewall provides access to the WAN for local users and prevents unauthorized access to your local systems from the WAN. It generally involves the WAN connectivity equipment (modem, CSU/DSU, router, etc.) and a computer or router that controls access.
Network Servers provide file sharing, centralized backups, print sharing, FAX services, a DHCP server, intranet and internet web servers, etc. They also provide caching proxy web services, an FTP proxy and email services, including name translation (firstnameli@yourcompany.com ---> firstname.lastname@yourcompany.com).
The LAN uses IETF-allocated IP addresses reserved for local use only; these addresses never appear on the internet. User systems are almost always Windows PCs, with an occasional Mac thrown in.
For small installations (single LAN, 1-20 users) the firewall and network servers are the same machine, configured with:
| IPFWADM    | IP firewall services to restrict outside access                  |
| IPmasq     | Optional: IP masquerade allows unrestricted WAN access by users  |
| sendmail   | for mail transfer to/from the WAN                                |
| pop3       | for local mail delivery to users                                 |
| apache     | with caching for inter/intranet web sites                        |
| squid      | Optional: high-performance web caching                           |
| Samba      | Windows file and print services                                  |
| DHCP       | provides automatic network configuration of user PCs             |
| hylaFAX    | network FAX server and alpha paging support                      |
| PostgreSQL | SQL database server to support dynamic web sites, etc.           |
For medium installations (one or more LANs, 20-100 users) the firewall machine provides minimal services, usually only:
with the other services provided by one or more separate systems on the local network. Multiple systems are also recommended where performance, reliability or security are important considerations.
In cases where security is the top priority (and the loss of some functionality is acceptable), IP masquerading is not used and all local users access the internet via proxy services on the firewall. The Realtime Blackhole List is always used by sendmail to reduce spam, and tightly secured systems use it for other services as well.
See Also: sendmail, ipfwadm, hosts_access, hosts_options.