Dazza,
> It's excessively complex?
>
> Additional firewalls don't necessarily improve security - a single
> firewall, properly configured, will do everything you need - sticking in
> extras is a waste.
>
> And why use two _switches_? I could understand it if you were using hubs -
> but why bother with two switches? Get a decent single switch, and divide
> it into VLANs if you're that paranoid about people on your LAN getting to
> the servers.
>

The 2 switches are ok, especially if you want to separate your internet servers and your LAN environment. I see no problem with that, given on your LAN you want trusted servers. Any server that has a direct connection to the internet is, in most schools of thought, not a trusted server. That is why you have a De-Militarised Zone, to ensure that if someone owns your mail or web server they can't really own the rest of your LAN.

> For a home network, this is a massive overkill, and you're just wasting
> your money on devices you don't need.
>

My environment is similar to that, but I intended to mirror what I have done for my clients and workplace. As we all know, firewalls are just packet filters. How are you going to stop a potential exploit from accessing your DNS, mail or web server (if they exist in the *nix distro)? Chroot is great, I have it for DNS; postfix as a standard install does it. Apache is pretty rock solid. Spare a thought for those who are forced to use less than secure proprietary software.

> About all you need is something like was previously described - ADSL modem
> to firewall to switch to servers/LAN.
>
> DaZZa

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
