epike on Wed, 29 Jan 2003 18:26:16 -0500
> I believe that what LeRoy is doing is performing masquerading, where all the
> IP's behind the Linux box (including the DMZ) all have private IPs i.e.
> 192.168.1.0.

I think it's more of bridging --- the input stream from one NIC is mirrored on the other NIC so the hosts there could get their own public IPs. I've googled this up before, though I'm not sure exactly how it works (yet). Some tricks with ARP.

> Considering that you have a Linksys router (which performs NAT firewalling)
> already, why aren't you using it at your entry point? Just because you get 5
> IP's doesn't mean that you have to use them. Just place it before your
> switch.

Really tempted to put a Linux box in front of that Linksys; for one thing, I've always wanted to let squid cache all web surfing... My main issue is that my wife uses the Linksys router for working at home and I play a LOT with the Linux box (rebooting, messing with the hardware, and so on)... I'd rather leave the Linksys alone just for the peace of mind that we'll always get internet out of that. Also, I will use the other IP for secondary DNS and mail. That makes me use up 3 IPs.

> Like LeRoy, I'd be very nervous about not having anything between the public
> and my boxes.
>
> Most FAQs/HOWTOs you read will warn against running any services on a
> firewall box if you end up using a linux box as a masquerading or NAT
> firewall.

OK then... looks like another one of my bad ideas...

Thanks,
jondz / e pike

_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug