On Fri, 6 Jun 2003, Minh Van Le wrote:

> This is the topology I have in mind for my network. (Maybe minus Firewall 3 and
> Firewall 4). Is there something wrong with it ?
>
>        +-----------------+
>        | I N T E R N E T |
>        +-----------------+
>                 |
>    +--------------------------+
>    | ADSL Router / Firewall 1 |
>    +--------------------------+
>                 |
>    +--------------------------+
>    |        Firewall 2        |
>    +--------------------------+
>                |  |
>        +-------+  +--------+
>        |                   |
> +------------+       +------------+
> | Firewall 3 |       | Firewall 4 |
> +------------+       +------------+
>        |                   |
>   ---------------     ---------------
>  / Eth Switch 1 /    / Eth Switch 2 /
> ---------------     ---------------
>      | | |                |
>      | | |                +-----------------------+
>      | | +---------------------------+            |
>      | +-----------+                 |            |
>      |             |                 |            |
> +------------+ +------------+ +--------------+ +-----+
> | FTP Server | | WEB Server | | Email Server | | LAN |
> +------------+ +------------+ +--------------+ +-----+

It's excessively complex? Additional firewalls don't necessarily improve security - a single firewall, properly configured, will do everything you need - sticking in extras is a waste.

And why use two _switches_? I could understand it if you were using hubs - but why bother with two switches? Get a decent single switch, and divide it into VLANs if you're that paranoid about people on your LAN getting to the servers.

For a home network, this is a massive overkill, and you're just wasting your money on devices you don't need. About all you need is something like what was previously described - ADSL modem to firewall to switch to servers/LAN.

DaZZa

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
