OK, so you are saying that off fw2 you have a DMZ and a LAN hanging off firewall2. This is a normal configuration. It appears that by design your topology is pretty much like a Chinese castle: your strongest defence is your external wall and each internal wall is slightly weaker. Logically I can see no real issue, only a lot more logs to babysit. Hope somewhere sitting there you have some form of IDS.

> This is the topology I have in mind for my network. (Maybe minus Firewall 3 and
> Firewall 4). Is there something wrong with it ?
>
>           +-----------------+
>           | I N T E R N E T |
>           +-----------------+
>                    |
>      +--------------------------+
>      | ADSL Router / Firewall 1 |
>      +--------------------------+
>                    |
>      +--------------------------+
>      |        Firewall 2        |
>      +--------------------------+
>                  |   |
>          +-------+   +--------+
>          |                    |
>   +------------+       +------------+
>   | Firewall 3 |       | Firewall 4 |
>   +------------+       +------------+
>          |                    |
>   ---------------      ---------------
>  / Eth Switch 1 /     / Eth Switch 2 /
>  ---------------      ---------------
>       |  |  |                 |
>       |  |  |                 +-----------------------+
>       |  |  +---------------------------+             |
>       |  +-----------+                  |             |
>       |              |                  |             |
> +------------+ +------------+   +--------------+   +-----+
> | FTP Server | | WEB Server |   | Email Server |   | LAN |
> +------------+ +------------+   +--------------+   +-----+
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Behalf Of Phil Scarratt
> > Sent: Monday, 2 June 2003 22:13
> > To: [EMAIL PROTECTED]
> > Subject: Re: [SLUG] home server on adsl; advice
> >
> >
> > Chris D. wrote:
> > > This one time, Amanda Wynne wrote:
> > >
> > >>Now, I should be able to set up Apache on a machine in the DMZ, serving up web
> > >>pages to the Internet. And an FTP server on this same machine accessible only
> > >>from the internal Lan to update those pages. Yes?
> > >
> > >>With only one network card?
> > >>
> > >>So, it looks kinda like this.....
> > >>
> > >>Lan 192.168.0.x (2 workstations, file server, laptop, laser printer)
> > >>
> > >>Freesco bridge eth0 192.168.0.1
> > >>               eth1 192.168.1.3
> > >>
> > >>DMZ with Alcatel pro at 192.168.1.1 to TPG static IP ADSL
> > >>         Apache web server at 192.168.1.2
> > >>         FTP server at 192.168.1.2
> > >
> > >
> > > So what you're doing is something like this
> > >
> > >    __________________
> > >    |  ADSL Router   |
> > >    ------------------
> > >            |
> > >            |--
> > >   --------------------
> > >   | FreeSCO Firewall |
> > >   --------------------
> > >            |       _________________
> > >            -------| Webserver Box |
> > >                    -----------------
> > >                            |
> > >                    ( Rest of LAN )
> > >
> > > Right?
> >
> > I thought it was something more like this...
> >
> >
> >    __________________
> >    |  ADSL Router   |
> >    ------------------
> >            |
> >    -----------------
> >    | WebServer Box |
> >    -----------------
> >            |
> >            |
> >   --------------------
> >   | FreeSCO Firewall |
> >   --------------------
> >            |       _________________
> >            -------|  Rest of lan  |
> >                    -----------------
> >
> > In which case, the comment still stands but for Alcatel Pro.
> >
> > Fil
> >
> > --
> > SLUG - Sydney Linux User's Group - http://slug.org.au/
> > More Info: http://lists.slug.org.au/listinfo/slug
