Hello

Please excuse my ignorance, but what is a DMZ? I assume that by switch you mean a router or a switch. I am guessing that the firewall software would be installed on the internet server which is connected to the DMZ.

Maybe what would help would be what hardware is needed here besides the computers, cables and the cable modem to get this started?

Thanks,
Andrew



At 15:39 2007-09-08, you wrote:

DJA wrote:
> You get a bit more flexibility and future expandability with

You get even more with my setup.

[Internet]<-->[Cable Modem(really a router)]
                      ^
                      |
                      +-->[M0n0wall]<-DMZ-> [Vlan1 on switch]
                             ^              ^
                             |              |
                             L              +--> Internet Connected Server
                             A              +--> Wifi WAP
                             N              +--> Other public computers
                             |
                             +-->[Vlan0 on switch]
                                       ^
                                       |
                                       |    +-->[Computer 1]
                                       +--> |
                                            +-->[Computer 2]

I have a DMZ where computers that are accessible to the internet live and
where my wifi WAP is connected. I use 1:1 NAT and proxyarp so they appear to
be connected directly. This separates everything from my LAN and allows me to
filter connections to my servers to only those services I allow. My LAN can
access the DMZ, but the DMZ can't access the LAN. So a compromised server in
my DMZ can't be used to compromise my machines in my LAN. I'm lucky enough to
have a high end switch so I can VLAN my switch to serve both the DMZ and the
LAN.

> Don't underestimate the number of Ethernet ports you'll need. Keep in
> mind that for an N-port device, you can only use N-1 ports for node
> devices because you'll always have at least one port used on your LAN's
> "Backbone". If you anticipate using Wifi, you might want to use an
> appliance Firewall-Router-Access Point instead of the Ethernet-only router.

I agree. I was lucky enough to pick up a 24 port HP Procurve for my network.

<snip>

> Unless you spend a fair piece of change for a good enclosure, these tend
> to be noisier and more power hungry than the consumer appliance boxes.
> However, you'll have much more flexibility and control than with the
> appliances. My experience is that I don't really need that much
> capability right now, and don't see that most home users do either.

I run m0n0wall on a Soekris, which uses 15 watts and an 8 MB CF card for a hard drive and
has no moving parts.

Isn't this fun!

--
Neil Schneider                          pacneil_at_linuxgeek_dot_net
                                           http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B  8209 32D7 1DB1 8460 C47D

The more you read and observe about this Politics thing, you got to admit that
each party is worse than the other. The one that's out always looks the best.
- Will Rogers


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list


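The one-way trust Neil describes (LAN can reach the DMZ, the DMZ cannot start anything into the LAN, and the Internet only reaches the services he allows on the 1:1 NAT address) depends on two details that the diagram does not show: the filter rules are evaluated after the 1:1 NAT rewrite, and the filter is stateful, so replies from the DMZ back to a LAN-initiated connection pass while a fresh DMZ-to-LAN connection is dropped. The following is an added toy model of that policy written for this thread; it is not m0n0wall's ruleset or code, and the addresses (192.168.1.0/24 LAN, 192.168.2.0/24 DMZ, 203.0.113.10 as the public server address, 198.51.100.7 as an outside client) and the published service list are constructed for the example. Proxy ARP is not modelled; it only makes the firewall answer for the public addresses on the WAN side so the packets arrive at all.

```python
"""Toy stateful, first-match firewall modelling a LAN/DMZ split with 1:1 NAT.
Added example for the thread, not m0n0wall's own code or configuration."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Address

# Constructed addressing (RFC 1918 and RFC 5737 ranges), assumed for the example.
LAN = ip_network("192.168.1.0/24")
DMZ = ip_network("192.168.2.0/24")
# 1:1 NAT: public address of the internet-connected server -> its DMZ address.
ONE_TO_ONE_NAT = {ip_address("203.0.113.10"): ip_address("192.168.2.10")}
# Only these services on the DMZ server are reachable from the Internet (assumed list).
PUBLISHED_SERVICES = {("tcp", 22), ("tcp", 80), ("tcp", 443)}


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    proto: str
    sport: int
    dport: int
    syn: bool = True  # True for the first packet of a TCP connection


def zone(addr: IPv4Address) -> str:
    if addr in LAN:
        return "lan"
    if addr in DMZ:
        return "dmz"
    return "internet"


class Firewall:
    def __init__(self) -> None:
        # Flows we have passed, keyed as seen by the initiator (after NAT).
        self.state: set[tuple] = set()

    @staticmethod
    def _translate_inbound(pkt: Packet) -> Packet:
        # 1:1 NAT: rewrite the public destination to the DMZ host *before* filtering,
        # so the filter rules talk about the real DMZ address.
        if pkt.dst in ONE_TO_ONE_NAT:
            return Packet(pkt.src, ONE_TO_ONE_NAT[pkt.dst], pkt.proto, pkt.sport, pkt.dport, pkt.syn)
        return pkt

    def filter(self, pkt: Packet) -> str:
        pkt = self._translate_inbound(pkt)
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Stateful pass: packets belonging to a flow we already allowed, either direction.
        if key in self.state or reverse in self.state:
            return "pass"
        if not pkt.syn:
            return "drop"  # mid-stream packet with no matching state
        verdict = self._policy(zone(pkt.src), zone(pkt.dst), pkt)
        if verdict == "pass":
            self.state.add(key)
        return verdict

    @staticmethod
    def _policy(src_zone: str, dst_zone: str, pkt: Packet) -> str:
        # Ordered first-match rules; anything not matched falls through to drop.
        if src_zone == "lan" and dst_zone in ("dmz", "internet"):
            return "pass"  # LAN may open connections to the DMZ and the Internet
        if src_zone == "internet" and dst_zone == "dmz" and (pkt.proto, pkt.dport) in PUBLISHED_SERVICES:
            return "pass"  # Internet reaches only the published services on DMZ hosts
        if src_zone == "dmz" and dst_zone == "lan":
            return "drop"  # the one-way trust: a compromised DMZ box cannot initiate into the LAN
        return "drop"  # default deny


def demo() -> dict[str, str]:
    fw = Firewall()
    outside = ip_address("198.51.100.7")      # constructed Internet client
    public_ip = ip_address("203.0.113.10")    # constructed public 1:1 NAT address
    lan_pc = ip_address("192.168.1.20")
    dmz_server = ip_address("192.168.2.10")
    r = {}
    r["inet_http"] = fw.filter(Packet(outside, public_ip, "tcp", 40000, 80))
    r["inet_http_reply"] = fw.filter(Packet(dmz_server, outside, "tcp", 80, 40000, syn=False))
    r["inet_smb"] = fw.filter(Packet(outside, public_ip, "tcp", 40001, 445))      # not published
    r["lan_ssh"] = fw.filter(Packet(lan_pc, dmz_server, "tcp", 50000, 22))
    r["lan_ssh_reply"] = fw.filter(Packet(dmz_server, lan_pc, "tcp", 22, 50000, syn=False))
    r["dmz_to_lan"] = fw.filter(Packet(dmz_server, lan_pc, "tcp", 51000, 445))    # popped server
    r["dmz_stray_ack"] = fw.filter(Packet(dmz_server, lan_pc, "tcp", 22, 50001, syn=False))
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

Two things worth noticing when reading the verdicts: the SSH reply from the DMZ server to the LAN passes only because the LAN host created the state first, so a filter without connection tracking would either break LAN-to-DMZ access or need a blanket "established" rule that the unmatched stray ACK here exploits; and the SMB attempt to the public address is dropped even though the same host is reachable on port 80, because the service check runs against the post-NAT DMZ address, not against "whatever is behind the public IP".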