I discussed the possibility of using a single system with 3 NICs with Jens Hellmerichs-Friedrich (of FCT):
http://www.fen.baynet.de/~ft114/FCT/index.htm
and he seemed to think that this would be as "secure" if set up properly as putting together two systems with two NICs apiece. He felt the assistance of a rule generator such as FCT would be key to making a complex system such as a three ported router something which could be configured routinely without "pulling your hair out".

Below see examples of two vs three ported packet filters:

Firewall Architecture = screened subnet:

Two two Ported packet filters vs.

                      inet
                        |
                   pipeline50
                   aaa.bb.cc.1
                        |
  Subnet               HUB-----my regular hosts that I'm using to type this email.
  aaa.bb.cc.0           |
                        | aaa.bb.cc.8
                  _____________
                 |             |
                 |  pacfil-a   |
                 |aaa.bb.cc.129|
                  -------------
                        |              _____________
  Subnet                |             |   bast-1    |
  aaa.bb.cc.128        HUB------------|aaa.bb.cc.130|
                        |             |_____________|
                 _______________
                | aaa.bb.cc.131 |
                |   pacfil-b    |
                |  192.168.1.1  |
                 ---------------
                        |
  INTERNAL NET          |
  192.168.1.0     --------------
                 |  test host   |
                 | 192.168.1.2  |
                 |______________|

One Three ported packet filter.

                      inet
                        |
                   pipeline50
                   aaa.bb.cc.1
                        |
  Subnet               HUB-----my regular hosts that I'm using to type this email.
  aaa.bb.cc.0           |
             -----------------------
            |      aaa.bb.cc.8      |
            |                       |           _____________
  Subnet    |                       |          |   bast-1    |
  aaa.bb.   |       aaa.bb.cc.129   |----HUB---|aaa.bb.cc.130|
  cc.128    |                       |          |_____________|
            |   Packet Filter &     |
            |   Masquerade System   |
            |                       |
            |      192.168.1.1      |
             -----------------------
                        |
  INTERNAL NET          |
  192.168.1.0     --------------
                 |  test host   |
                 | 192.168.1.2  |
                 |______________|

Henry Hollenberg [EMAIL PROTECTED]
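Added example, not part of the original post and not FCT output: a small Python model of the forwarding decision a single three ported filter has to make per interface pair, which the two-box layout partly enforces by wiring. The 192.0.2.x networks stand in for the post's elided aaa.bb.cc addresses, and the interface names and the policy table are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the post's elided networks (assumptions):
# aaa.bb.cc.0 -> 192.0.2.0/25, aaa.bb.cc.128 -> 192.0.2.128/25.
ZONES = {
    "outer": ip_network("192.0.2.0/25"),      # side with pipeline50 and the regular hosts
    "dmz": ip_network("192.0.2.128/25"),      # screened subnet holding bast-1
    "inside": ip_network("192.168.1.0/24"),   # masqueraded internal net
}

# Assumed policy, keyed by (arrival interface, departure interface).
# Any pair not listed is dropped. Replies to masqueraded flows are addressed
# to the filter itself, so nothing is ever forwarded *to* "inside".
ALLOWED_PAIRS = {
    ("outer", "dmz"), ("dmz", "outer"),       # internet <-> bastion subnet
    ("inside", "dmz"), ("inside", "outer"),   # internal hosts going out
}


def zone_of(addr):
    """Zone whose network contains addr; every other address lives behind 'outer'."""
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outer"


def decide(in_iface, src, dst):
    """Return (verdict, reason) for a packet arriving on in_iface."""
    src, dst = ip_address(src), ip_address(dst)
    # Anti-spoofing: the source must belong behind the port it arrived on.
    # With two boxes a wrong-side source cannot reach the inner filter at all.
    if zone_of(src) != in_iface:
        return "DROP", "source does not match arrival interface"
    out_iface = zone_of(dst)
    if (in_iface, out_iface) not in ALLOWED_PAIRS:
        return "DROP", f"{in_iface} -> {out_iface} not permitted"
    if in_iface == "inside":
        return "MASQ", f"{in_iface} -> {out_iface}, source rewritten"
    return "ACCEPT", f"{in_iface} -> {out_iface}"


if __name__ == "__main__":
    samples = [  # constructed packets: (arrival interface, source, destination)
        ("outer", "203.0.113.5", "192.0.2.130"),
        ("outer", "203.0.113.5", "192.168.1.2"),
        ("outer", "192.168.1.2", "192.0.2.130"),
        ("inside", "192.168.1.2", "198.51.100.7"),
        ("dmz", "192.0.2.130", "192.168.1.2"),
    ]
    for pkt in samples:
        print(pkt, "->", decide(*pkt))
```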

