Eclipse used to do multiple IP addresses, I don't know if your ISP does. If so, you could do this with 3 devices: ADSL router and 2x ethernet routers, then you set up 2x standard NAT one on each IP address. That'll safely separate the networks.
Benjie. On 9 May 2011 16:43, Vic <l...@beer.org.uk> wrote: > > > If you connect the 'internet' > > side to the ADSL router you effectively put anything connected directly > to > > the > > ADSL router into a sort of DMZ (sort of since it is still firewalled as > > normal, > > so not really a proper DMZ) with a separate IP address range that is > > firewalled > > off from the rest of the network by the cable router. > > Errr - I'm not so sure about that. > > What is behind the cable router has the usual NAT blackhole, but what is > hanging off the ADSL router is entirely unprotected from what is behind > the cable router. > > So if the untrusted box is the one behind the cable router, all the > trusted boxes are still subject to attack from the "problem" box. And that > box has essentially unfettered Internet access, so it has no protection > from PEBKAC either. > > You could, of course, have it the other way round - but that means > reconfiguring everything currently on the network, means that those boxes > will have to deal with double-NAT (which may or may not be a problem), and > still offers no firewall filtering for the hostile box. > > So I don't think I agree with you... > > Vic. > > > -- > Please post to: Hampshire@mailman.lug.org.uk > Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire > LUG URL: http://www.hantslug.org.uk > -------------------------------------------------------------- >
-- Please post to: Hampshire@mailman.lug.org.uk Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire LUG URL: http://www.hantslug.org.uk --------------------------------------------------------------