The poster really doesn't have a secure network now because there are machines unprotected on the external Internet. With IP chains locking down things like windows networking, the network security could be enhanced over what is there now...
Joel On Tue, Jan 14, 2003 at 12:49:25AM -0800, Jeff Newmiller wrote: > On Mon, 13 Jan 2003, Joel Baumert wrote: [general description of possible solution...] > > The dnat idea is a good one (assuming you are running kernel 2.4), except > that you DON'T WANT TO DO IT TO YOUR INTERNAL NETWORK. > > External servers should be put into a DMZ network. Data connectivity > between internal network and DMZ should originate from the internal > network only, to prevent a cracker from plowing through your network one > system at a time. > _______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
