DJ Lucas wrote:
> On 10/15/2011 10:20 PM, Bruce Dubbs wrote:
>> Wow. That's a lot. I think I have one. I use a Linksys router with
>> DD-WRT, but I don't try to access any inside systems from the outside.
>
> Going way OT, but like I said, overly complex. I have 3 internal
> networks, one for clients, one for servers, and one for testing. I'm
> very explicit about what traffic goes where from each of the boxes in
> the server and testing VLANs. For instance, DNS alone accounts for 6
> distinct rules in the v6 chain - that's UDP out for each of the server
> and testing VLANs, UDP in to each of the others from the client VLAN,
> and 2 TCP rules for zone transfers between testing and server VLANs
> (currently not utilized). It's pretty well locked down I think, but I'd
> like to have the ability to verify that myself at some point as I
> currently have only one IPv6 network at my disposal.

That's very interesting. If everything is going through one router, then
I can see why it is so complex. It would really take a lot of knowledge
to maintain such a thing. I know you can do it, but in a more common
environment, I'd simplify it by using multiple routers so mere mortals
could manage it. :)

  -- Bruce

-- 
http://linuxfromscratch.org/mailman/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
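The six DNS rules DJ describes (two UDP out for the server and testing VLANs, two UDP in from the client VLAN, two TCP for zone transfers between server and testing), written out as ip6tables FORWARD-chain rules on a single router that fronts all three VLANs. This is an added example, not a ruleset from the thread or from either poster; the interface names vlan10/vlan20/vlan30, the conntrack rule for return traffic and the DROP policy are assumptions. By default the script only prints the rules, so the policy can be reviewed (and counted) without touching a live firewall; pass "apply" to execute them.

```shell
#!/bin/sh
# Added example: DJ's six per-VLAN DNS rules as ip6tables FORWARD rules.
# Interface names are assumptions, not from the original post.
CLIENT_IF=${CLIENT_IF:-vlan10}   # client VLAN
SERVER_IF=${SERVER_IF:-vlan20}   # server VLAN
TEST_IF=${TEST_IF:-vlan30}       # testing VLAN

# Emit the six DNS rules, one per line, without applying them.
dns_rules() {
    # UDP out: the server and testing VLANs may query upstream resolvers.
    echo "ip6tables -A FORWARD -i $SERVER_IF -p udp --dport 53 -j ACCEPT"
    echo "ip6tables -A FORWARD -i $TEST_IF -p udp --dport 53 -j ACCEPT"
    # UDP in: the client VLAN may query resolvers in each of the other two VLANs.
    echo "ip6tables -A FORWARD -i $CLIENT_IF -o $SERVER_IF -p udp --dport 53 -j ACCEPT"
    echo "ip6tables -A FORWARD -i $CLIENT_IF -o $TEST_IF -p udp --dport 53 -j ACCEPT"
    # TCP: zone transfers (AXFR/IXFR) only between the server and testing VLANs.
    echo "ip6tables -A FORWARD -i $SERVER_IF -o $TEST_IF -p tcp --dport 53 -j ACCEPT"
    echo "ip6tables -A FORWARD -i $TEST_IF -o $SERVER_IF -p tcp --dport 53 -j ACCEPT"
}

# Number of DNS rules in the generated set (should match the "6" in the post).
count_dns_rules() {
    dns_rules | wc -l | tr -d ' '
}

# Number of TCP/53 rules that mention the client VLAN; the intent is that
# clients never get a zone-transfer path, so this should be 0.
client_tcp53_rules() {
    dns_rules | grep -- '-p tcp' | grep -c "$CLIENT_IF"
}

if [ "${1:-}" = "apply" ]; then
    # Assumed: replies to the explicitly allowed flows come back via conntrack,
    # and everything not listed is dropped.
    ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    dns_rules | while IFS= read -r rule; do eval "$rule"; done
    ip6tables -P FORWARD DROP
fi
```

Keeping the rules in a function that prints them is what makes the set checkable: the count and the "no TCP/53 path for clients" property can be asserted from the output before anything is applied, which is the kind of self-verification DJ says he wants but cannot do with a single IPv6 network.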
