Eugene Smiley on Wed, 29 Jan 2003 18:03:16 -0500



RE: [PLUG] dsl questions


I believe that what LeRoy is doing is performing masquerading, where all the
IPs behind the Linux box (including the DMZ) all have private IPs, i.e.
192.168.1.0.

Considering that you have a Linksys router (which performs NAT firewalling)
already, why aren't you using it at your entry point? Just because you get 5
IPs doesn't mean that you have to use them. Just place it before your
switch.

Like LeRoy, I'd be very nervous about not having anything between the public
and my boxes.

Most FAQs/HOWTOs you read will warn against running any services on a
firewall box if you end up using a Linux box as a masquerading or NAT
firewall. Given that some people opt to use an old PC, i.e. that Pentium 100
buried in the parts closet.

Eugene

-----Original Message-----
From: plug-admin@lists.phillylinux.org
[mailto:plug-admin@lists.phillylinux.org]On Behalf Of epike@isinet.com
Sent: Wednesday, January 29, 2003 5:40 PM
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] dsl questions

Hi,

Thanks for the input.

The 3 hosts are actually: 2 Linux boxes and
a Linksys firewall (with the 802.11 antenna).
That leaves me with 2 Linux boxes to protect.
More work but not too bad.

I'll try to implement a DMZ with the 2 Linux
boxes as a starting point... By the way,
does your firewall also serve something?
I try to minimize the number of machines and
I don't have a lot of IP numbers either.

In my case I'll try to set up the firewall server as a
regular web server also, so one of its NICs would
show up as an address inside the DMZ. Is that possible?

jondz

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug