Thanks for the info, all! 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, May 20, 2004 2:41 PM
To: Exchange Discussions
Subject: Re: Off-Topic Firewall Question

On Thu, 20 May 2004, at 1:44pm, [EMAIL PROTECTED] wrote:
> Is there any loss of security by permitting the DSL modem to be 
> providing NAT and thus having both an internal and external IP versus 
> having the firewall providing this?

  The internal vs external differentiation is something humans apply to
particular IP networks.  The equipment does not care.  What matters is
how the filtering is actually being done.

  Is the firewall functioning at layer two (AKA transparent or bridge) or
at layer three (AKA routed) mode?

  If layer three, then I would definitely reconfigure so that you have
unique IP networks on each side.  While some equipment can function with
this apparent contradiction, the ambiguity it creates is not good for
security planning.

  If layer two, then the firewall is functioning at a layer below IP,
and the IP addressing does not matter to the firewall function.  The IP
address the firewall gets in this case is used only for management
(i.e., so you can talk to the firewall, not so the firewall can forward
network traffic).

-- 
Ben Scott         | Net Technologies, Inc. | 978-462-8795
Network Engineer  | Salisbury, MA, USA     | 866-905-3049
[EMAIL PROTECTED] | http://www.ntisys.com  | Fax: 978-499-7839


_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&;
lang=english
To unsubscribe send a blank email to
%%email.unsub%%
Exchange List admin:    [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.



