Hold on.  Civilme posted a message a few months ago stating that a single
NIC with a single hub is dangerous.  He said something to the effect of "a
hacker could create a VPN on his side that effectively exposes your entire
private network."  Unfortunately, Civilme is no longer on the list.  Check
the archives.  You want at least 2 NICs with 2 HUBS (or a direct link from
NIC to DSL modem).

I would assume further isolation of the email and web server would further
protect the network.  If the email or web server is hacked, the ipchains on
the Linux router would effectively only allow port 25 and 110 to leave the
mail server.  This assumes that you have stripped your router down to the
point that it is virtually impossible to hack (nothing but ssh logins).

Matthew Zaleski

> -----Original Message-----
> From: Joseph S. Gardner [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 18, 2000 8:33 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [expert] Stupid server question #3
> 
> 
> Greg Stewart wrote:
> > 
> > > Why not plug B and C into the hub also?  I don't see the advantage to
> > > plugging them directly to the firewall...  Consider this:
> > >
> > > internet -> dsl modem -> comp a -> hub -> all other computers
> > >
> > > You still have comp a (your firewall) between the internet and all of
> > > your machines...  hooking up b and c to a is just costing you more work
> > > with getting 4 nics setup instead of 2 (all you really need).
> > 
> > Also, depending on the age/maturity of the firewall (old machine, or brand
> > new?) you may be consuming a bit more system overhead than you
> > need--powering and driving two extra NICs.
> > 
> > Besides, it's easier, and involves less typing, configuring your firewall to
> > masquerade only one NIC, rather than three. You would, then, also need to
> > plan for three subnets, and port-forward accordingly. A little more
> > confusing than having only one subnet and one internal NIC.
> > 
> > --Greg
> > 
> > > On Wed Aug 16, 2000 at 11:22:14AM -0400, Joseph S. Gardner wrote:
> > >
> > > > SOHO server setup scenario "Firewall from hell"
> > > >
> > > > The object being to keep it simple but keep it secure....
> > > >
> > > > Assuming five computers
> > > >   comp A = firewall w/ X NIC's
> > > >   comp B = mail server
> > > >   comp C = web server
> > > >   comp D = workstation D
> > > >   comp E = workstation E
> > > >
> > > > also assuming I have dsl modem and one hub
> > > >
> > > > internet connection plugged into DSL modem.
> > > > DSL modem plugged into comp A (firewall)
> > > > Comp A, D & E plugged into hub
> > > > Comp B & C plugged into comp A
> > > >
> > > > this would mean comp A would require 4 NIC's (DSL, comp B, comp C and
> > > > hub)
> 
> There's definitely something I never thought of, I guess I never realized
> that you could effectively protect the internal machines if they had a
> "direct" connection to the "public" machine via the hub but it does
> make some sense now that you mention it.  (Head hung in shame)
> 
> Thanks,
> -- 
> Joseph S Gardner
> 
> Senior Designer / Technical Support
> Kirby Co., Cleveland, OH
> [EMAIL PROTECTED]
> 
> The box said,
> "Requires Windows 3.x or better",
> so I got Linux.
> 
> Registered Linux user #1696600
> 

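
The two layouts discussed in this thread, as an added example that is not part of any poster's message: a small model of comp A's forwarding decision, showing that rules on the firewall only apply to traffic that actually crosses it. The segment labels, the rule set, the web server's port 80 and the `decide` helper are assumptions made for illustration.

```python
from typing import NamedTuple

ANY, HIGH = (0, 65535), (1024, 65535)  # port ranges: everything / unprivileged

class Rule(NamedTuple):
    src: str       # host name or "*"
    dst: str       # host name or "*"
    sport: tuple   # inclusive (low, high) source-port range
    dport: tuple   # inclusive (low, high) destination-port range
    action: str

# Segment each machine is plugged into (labels are illustrative).
FLAT = {"internet": "dsl", "B": "hub", "C": "hub", "D": "hub", "E": "hub"}
SEGMENTED = {"internet": "dsl", "B": "nic_b", "C": "nic_c", "D": "hub", "E": "hub"}

# Constructed forward policy on comp A: first match wins, default deny.
RULES = [
    Rule("*", "B", HIGH, (25, 25), "ACCEPT"),    # SMTP to the mail server
    Rule("*", "B", HIGH, (110, 110), "ACCEPT"),  # POP3 to the mail server
    Rule("B", "*", (25, 25), HIGH, "ACCEPT"),    # SMTP replies leaving B
    Rule("B", "*", (110, 110), HIGH, "ACCEPT"),  # POP3 replies leaving B
    Rule("*", "C", HIGH, (80, 80), "ACCEPT"),    # HTTP to the web server (assumed port)
    Rule("C", "*", (80, 80), HIGH, "ACCEPT"),    # HTTP replies leaving C
]

def _host(pattern, value):
    return pattern == "*" or pattern == value

def _port(rng, port):
    return rng[0] <= port <= rng[1]

def decide(layout, src, dst, sport, dport):
    """Return comp A's verdict, or BYPASS if the traffic never reaches comp A."""
    if layout[src] == layout[dst]:
        return "BYPASS"  # same hub: delivered directly, no firewall rule applies
    for r in RULES:
        if (_host(r.src, src) and _host(r.dst, dst)
                and _port(r.sport, sport) and _port(r.dport, dport)):
            return r.action
    return "DENY"

if __name__ == "__main__":
    for name, layout in (("flat", FLAT), ("segmented", SEGMENTED)):
        # Mail server opening a connection to workstation D on port 22
        print(name, "B -> D:22        ", decide(layout, "B", "D", 40000, 22))
        # Workstation D fetching mail over POP3
        print(name, "D -> B:110       ", decide(layout, "D", "B", 40000, 110))
        # Mail server answering an SMTP session from outside
        print(name, "B:25 -> internet ", decide(layout, "B", "internet", 25, 40000))
```

In the flat layout the mail server and the workstations share a hub, so comp A never gets to judge traffic between them; with B and C on their own NICs the same connection is subject to the default deny.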