> If you connect the 'internet' side to the ADSL router you effectively put
> anything connected directly to the ADSL router into a sort of DMZ (sort of
> since it is still firewalled as normal, so not really a proper DMZ) with a
> separate IP address range that is firewalled off from the rest of the
> network by the cable router.

Errr - I'm not so sure about that.

What is behind the cable router has the usual NAT blackhole, but what is
hanging off the ADSL router is entirely unprotected from what is behind
the cable router.

So if the untrusted box is the one behind the cable router, all the
trusted boxes are still subject to attack from the "problem" box. And that
box has essentially unfettered Internet access, so it has no protection
from PEBKAC either.

You could, of course, have it the other way round - but that means
reconfiguring everything currently on the network, means that those boxes
will have to deal with double-NAT (which may or may not be a problem), and
still offers no firewall filtering for the hostile box.

So I don't think I agree with you...

Vic.


--
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
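
The two arrangements discussed in this message, modelled as an added example that is not part of the original post. It assumes both routers are stock NAT boxes with no port forwards or extra filter rules; the zone names and host names are constructed for illustration.

```python
# Added illustration, not from the thread. Zones are listed outermost first.
# Assumption: both routers are stock NAT boxes that pass every outbound flow
# and drop unsolicited inbound traffic (no port forwards, no filter rules).
ZONES = ["internet", "adsl_lan", "cable_lan"]


def nat_hops(zone):
    """Number of NAT routers between a zone and the Internet."""
    return ZONES.index(zone)


def can_initiate(src_zone, dst_zone):
    """True if a host in src_zone can open a connection to dst_zone.

    Same zone means same segment, no router in the path. Outward traffic
    crosses each NAT in its permitted direction. Inward traffic is
    unsolicited at the first router it meets and is dropped.
    """
    return nat_hops(src_zone) >= nat_hops(dst_zone)


def assess(placement, untrusted):
    """Summarise a layout: placement maps host name -> zone."""
    src = placement[untrusted]
    trusted = sorted(h for h in placement if h != untrusted)
    return {
        "trusted_reachable_from_untrusted": [
            h for h in trusted if can_initiate(src, placement[h])],
        "untrusted_outbound_unfiltered": can_initiate(src, "internet"),
        "trusted_behind_double_nat": [
            h for h in trusted if nat_hops(placement[h]) >= 2],
    }


# Constructed host names. Layout A: problem box behind the cable router.
LAYOUT_A = {"desktop": "adsl_lan", "nas": "adsl_lan", "problem_box": "cable_lan"}
# Layout B: "the other way round", trusted hosts moved behind the cable router.
LAYOUT_B = {"desktop": "cable_lan", "nas": "cable_lan", "problem_box": "adsl_lan"}

if __name__ == "__main__":
    for name, layout in (("A", LAYOUT_A), ("B", LAYOUT_B)):
        print(name, assess(layout, "problem_box"))
```

Under these assumptions, layout A leaves every trusted host reachable from the problem box, while layout B isolates them at the cost of double NAT and still leaves the problem box's outbound traffic unfiltered.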
