> Because the adsl modem is set to bridge mode the only way in and out of
> it is by PPPoE, right? So that means also that the only way for someone
> from the outside to access the network is via the PPPoE client?
> The only machine with a PPPoE client installed is the firewall, and all
> of the other machines use the firewall as their gateway to the net.
>

I have never tried what you are proposing. I really don't like the idea.
It looks to me that you ^may^ have network issues, if you are going to
non-public IP addresses.

> Why would that not be secure?
>

Ideally bridge mode should have a direct connection to the firewall.
The art work below would not entirely protect you against those
"bad guys" ;). If by some sheer dumb luck someone exploits your
DSL modem they have the potential to own your entire network.
With the below design, what is going to do NAT? Really, your workstations
need to hide behind a firewall. Also, ideally a firewall is a machine that
is not used for day-to-day use. For a secure network design there are a
few docs that will help you; visit
http://www.tldp.org/HOWTO/Firewall-HOWTO-3.html

> > > > ADSL Modem   Firewall    Local Workstations
> > > >     |            |          |          |
> > > >     +-----H------+----U-----+----B-----+
> > > >

Really your network design should look a little like below to ensure
security.

+----------+    +--------+      +---+   +------------+
|ADSL Modem|----|Firewall|------|Hub|---|Workstations|
+----------+    +--------+      +---+   +------------+

Your firewall should be a bare-bones system. You could also use products
like Shorewall, Astaro, Mandrake's MNF (apparently a spinoff of Shorewall).

--
Regards,
Kevin Saenz

Spinaweb I.T consultants
Ph: 02 4620 5130
Fax: 02 4625 9243
Mobile: 0418455661
Web: http://www.spinaweb.com.au

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
