Dial−up Architecture
You may be using a dialup service like an ISDN line. In this case you might use a third network card to
provide provide a filtered DMZ. This gives you full control over your Internet services and still separates
them from your regular network.
__________
_/\__/\_ | | _______________
| | | Firewall | (LAN) | |
/ Internet \−−−−| System |−−(HUB)−−| Workstation/s |
\_ _ _ _/ |__________| |_______________|
\/ \/ \/ |
(DMZ)
(HUB)
Single Router Architecture
If there is a router or cable modem between you and the Internet. If you own the router you could setup some
hard filter rules in the router. If this router is owned by your ISP so you may not the have the needed controls.
You can ask your ISP to put in filters.
_________ __________
_/\__/\_ | Router | | | _______________
| | | or | (DMZ) | Firewall | (LAN) | |
/ Internet \−−−−|Cable Mdm|−−(HUB)−−| System |−−(HUB)−−| Workstation/s |
\_ _ _ _/ |_________| | |__________| |_______________|
\/ \/ \/ |
(Outside)
(Server)
Firewall with Proxy Server
If you need to monitor where users of your network are going and your network is small, you can intergrate a
proxy server into your firewall. ISP's some times do this to create interest list of their users to resell to
marketing agencies.
Firewall and Proxy Server HOWTO
SOCKS Proxy 7 __________
_/\__/\_ | Proxy / | _______________
| | | Firewall | (LAN) | |
/ Internet \−−−−| System |−−(HUB)−−| Workstation/s |
\_ _ _ _/ |__________| |_______________|
\/ \/ \/
You can put the proxy server on your LAN as will. In this case the firewall should have rules to only allow
the proxy server to connect to the Internet for the services it is providing. This way the users can get to the
Internet only through the proxy.
__________
_/\__/\_ | | _______________
| | | Firewall | (LAN) | |
/ Internet \−−−−| System |−−(HUB)−−| Workstation/s |
\_ _ _ _/ |__________| | |_______________|
\/ \/ \/ | ______________
| | |
+−−−−| Proxy Server |
|______________|
http://bestproxy.net/