Q: Im ready to exchange it for a Via Epia Mini-ITX kit fan-less and will be using a compact flash card to IDE adapter and the establishment of a Smooth Wall or Ipcop router to my Windows 2003 e-mail and web server.
Mostly what I wanted the router at the time the U.S. was not the IP address filtering before they reach my Windows machine. Currently they are blocked by the directory security in IIS for Web sites and through an IP blacklist in my post server.
Is possible to have my public ip pass through the router, the router does not filter USA IPS, and then along the same public ip on my Windows machine?
Best Answer: I can't tell whether IPcop is a filter or a firewall.
If it is a filter, I would put it up in front of the router. You don't really need to worry about someone running a web server in your LAN and having other people (local) connecting. If Ipcop is a filter and it will filter email (again i don't really know how your mail server is set) then I would set it behind your router.The problem with setting it behind the router is that if someone could connect directly to the router, they could bypass the filter.
If it is a firewall, then set it behind the router. This way it can govern the LAN and WAN. I don't know what settings you would have to change. I truly don't even now if you can do it with linksys. I would google.
As for, turning off a firewall. I would leave them both on. I think that, unlike AV, firewalls will play nicely together. Running both of them may be an problem when you want to open a new port, but if someone can bypass one (either from WAN or LAN side), they have another to go through. But, then again, you would rather have someone bypass your IPcop box than your router.
I looked at IPcop a little, but I really can't tell you if this will even work. I have never tried it. Filters and firewalls have never been my thing. I would set up the network both ways and then set up a sniffer and see what data can pass. One way may slow down your LAN, I don't know. If you do set IPcop behind the router, you may need to change a lot of settings, but again I don't know.
As always, Email me if needed. I will think some more about your question and let you know if I come up with anything new.
Good Luck and let me know what you end up doing.
Re:Can you point me in the correct direction guy.
:beer: Thanks for the help guys :beer:
Re:You want one-to-one NAT. There are firewalls that exist which can map static IPs to machines behind the firewall. The only caveat is, of course, the firewall will have to have an IP.
Re:Originally posted by: guy
Is there a specific reason you don't want to NAT to your server? Just curious.
Not really guy 
Re:Is there a specific reason you don't want to NAT to your server? Just curious.
Re:That's the way I should have phrased it – firewall with no ip
Re:With OpenBSD's bridged mode you get something like:
INTERNET – OpenBSD firewall with no IP – web/mail server with external IP
I'm sure Linux has a way to do this too, but I don't know it.
Re:That is close guy. The web and email server are on the same Windows 2003 box. My public ip is 216.x.x.x . I know this diagram will suck but here is what I was hoping to do.
Public ip –> mini-itx firewall (no nat) to filter non USA ips –> web/mail server (w/original public ip) .
The hand holding nature of Smoothwall and IPcop are nice , but if I need to learn BSD to do it , that is the route I will pursue .
Thank you :beer:
Re:I'm not sure about those two distributions you mention, but OpenBSD has a bridging mode where the firewall sits between the internet and your network, but no one knows it is there. It won't do NAT or anything, just block packets and allow your email server and your webserver to have their own IP addresses. Is that what you mean?
0 Comments.