Correct me if I'm wrong, but I believe there are some problems with your proposed solution:
> * Tandex ([EMAIL PROTECTED]) [010820 18:39]:
> > Do I need 2 net-card on linux-gateway that use ipmasq?
>
> Now on to my reply: the other reply to your question gave a wrong
> answer. You do not need 2 NICs to route between 2 networks; there's
> something called "one-armed routing" which makes use of IP aliasing,
> which is giving a single NIC multiple addresses.
> --
> Vineet http://www.anti-dmca.org

There are a few cases where this is dangerous:

* I am assuming your firewall exists to protect your network, by providing packet filtering (potentially inbound AND outbound).

1) If an attacker learns an internal address, and your internal network is unrouted (on a single segment of Ethernet), they would be able to get packets (unfiltered) into your network, unless your upstream router/DSL/cable modem etc. is doing ingress filtering.

2) If one external (say a web server) is "owned" on your internal network, you have no DMZ to protect the rest of your network. The one compromised machine has considerable power in this case, and would be less dangerous if trapped inside a DMZ (potentially using egress filtering, to prevent attackers from getting much use out of a compromised machine).

That said, I use a hub out of my dorm (and IP aliasing, which is neat stuff) and don't really have any problems. I also don't have a serious firewall setup; if I did, I'd probably use a dual (or probably 3-NIC) setup.

I haven't been following this thread, so ignore this if it isn't relevant. I just thought it was important to mention the risks involved in such a setup -- it's not really a "firewall" at all against a determined attacker.

-- Adam Lydick
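The topology point made in the reply above (a one-armed gateway shares its Ethernet segment with the hosts it is supposed to shield, so frames for an internal address can be delivered without ever crossing the packet filter, unless the upstream router does ingress filtering) can be traced with a small model. The following is an added example written for this thread, not code from either poster; the segment layout, the 192.168.1.0/24 internal range, the 203.0.113.x and 198.51.100.x addresses and the "web server on tcp/80 only" policy are all constructed for illustration.

```python
"""Toy model of Ethernet delivery vs. gateway filtering for a dual-NIC
gateway and a one-armed (single-NIC, IP-aliased) gateway.
Constructed example: every address, host and policy here is made up."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("192.168.1.0/24")   # assumed internal range
WEB_SERVER = "192.168.1.80"                    # assumed internal web server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass
class Topology:
    # Ethernet segment name -> addresses that answer ARP on that segment
    segments: dict
    # segment name -> gateway addresses on that segment (aliases share a NIC)
    gateway: dict
    # the segment onto which the upstream router hands Internet traffic
    external_segment: str
    # does the upstream router drop Internet packets aimed at internal addresses?
    upstream_ingress_filter: bool = False


def gateway_filter(pkt: Packet) -> bool:
    """Assumed gateway policy: inbound traffic into the internal range is
    allowed only to the web server on tcp/80; everything else is dropped."""
    if ip_address(pkt.dst) in INTERNAL_NET:
        return pkt.dst == WEB_SERVER and pkt.dport == 80
    return True


def deliver_from_internet(topo: Topology, pkt: Packet) -> str:
    """Trace one packet arriving from the Internet and report its fate:
    'dropped-upstream', 'delivered-unfiltered', 'delivered-filtered',
    'dropped-gateway' or 'unreachable'."""
    if topo.upstream_ingress_filter and ip_address(pkt.dst) in INTERNAL_NET:
        return "dropped-upstream"
    seg = topo.external_segment
    # Plain Ethernet delivery: if the destination answers ARP on the segment
    # the upstream router is on, the frame goes straight to it and no
    # router (and therefore no packet filter) is involved.
    if pkt.dst in topo.segments[seg]:
        return "delivered-unfiltered"
    if seg not in topo.gateway:
        return "unreachable"
    # Otherwise the only way onward is through the gateway, which filters.
    if not gateway_filter(pkt):
        return "dropped-gateway"
    for name, hosts in topo.segments.items():
        if name != seg and name in topo.gateway and pkt.dst in hosts:
            return "delivered-filtered"
    return "unreachable"


# Two NICs: the upstream router is alone with the gateway on the outside
# segment, so every inbound packet must be forwarded by the gateway.
DUAL_NIC = Topology(
    segments={"outside": {"203.0.113.1"},
              "inside": {WEB_SERVER, "192.168.1.20"}},
    gateway={"outside": {"203.0.113.2"}, "inside": {"192.168.1.1"}},
    external_segment="outside")

# One NIC with an IP alias: upstream router, gateway and internal hosts all
# sit on the same hub, so the gateway is just another host on the wire.
ONE_ARMED = Topology(
    segments={"shared": {"203.0.113.1", WEB_SERVER, "192.168.1.20"}},
    gateway={"shared": {"203.0.113.2", "192.168.1.1"}},
    external_segment="shared")

# Same one-armed layout, but the upstream router refuses to hand packets
# for internal addresses onto the segment (the mitigation the post names).
ONE_ARMED_INGRESS_FILTERED = replace(ONE_ARMED, upstream_ingress_filter=True)

if __name__ == "__main__":
    probes = [Packet("198.51.100.7", WEB_SERVER, 80),      # permitted service
              Packet("198.51.100.7", "192.168.1.20", 22)]  # should be blocked
    for label, topo in [("dual-NIC", DUAL_NIC), ("one-armed", ONE_ARMED),
                        ("one-armed + upstream ingress filter",
                         ONE_ARMED_INGRESS_FILTERED)]:
        for p in probes:
            print(f"{label:36} {p.dst}:{p.dport:<5} "
                  f"{deliver_from_internet(topo, p)}")
```

Running it shows the asymmetry the post describes: the dual-NIC layout drops the probe to 192.168.1.20 at the gateway and passes only tcp/80 to the web server, while the one-armed layout delivers both unfiltered; only the upstream ingress filter restores a boundary in the single-segment case.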

