Internal Network: 10.0.0.1/24 (eth1)
DMZ: 10.23.23.1/24 (eth2)
Server10: 10.23.23.10/24
Server11: 10.23.23.11/24
Public IP: 192.168.100.215/24 (eth0)

Layout:
                   DMZ
                    I
Internal Net --- Firewall --- Public Net


Security policy:
- Stateful Packet Filter for ~256k Connections
- All packets that are not explicitly allowed, have to be dropped
- All packets that are dropped have to be logged
- No access from the public network to the Firewall itself
- No handling of multicast and/or broadcast packets
- Antispoofing rules for each interface
- All traffic from Internal / DMZ to public must be NAT'ed 
- All machines in DMZ
	- Allowed to initiate any kind of connection to Public network
- Server10:
	- Administrative access via SSH from Public and Internal Network
	- HTTP access from Public and Internal Network
	- DNS access from Public and Internal Network
- Server11:
	- Administrative access via SSH from Public (Port 2222) and Internal Network
	- SMTP access from Public and Internal Network
- All machines in Internal Network:
	- Allowed to do FTP, SSH, POP3S, IMAP4S to Public Network
	- HTTP via transparent proxy on Server11:3128