Re: [PLUG] network security thoughts/questions
> Any advice?

No advice, per se, just some recent experience trying to set up a
relatively secure home network with somewhat similar needs. I've been
running a WAN/LAN/DMZ network using an OpenBSD box with 3 NICs and pf.
It's kind of like your #1 with a little bit of #3 thrown in.

I like the idea of keeping my DNS and WWW on a DMZ network that's
separate from the LAN where I run my workstations and more experimental
stuff. But I'm willing to keep those machines removed from each other on
separate networks, which might not suit your needs.

I use pf redirection to forward external traffic coming to the interface
bearing the 3 IPs my ISP gives me and into my DMZ hosts, which are
NAT'ed using private IPs (192.168.1.0/24). I don't allow anything to
forward into my LAN, except for the maintenance of session state. I
allow just about anything out, but could lock that down further if I
wanted to create a ruleset to support that.

I'd be curious to hear what other people are doing for similar
setups... and what you decide on.

Good luck,
Dave
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
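
A pf.conf sketch of the WAN/LAN/DMZ layout described in the message above, added here as an illustration and not the poster's own ruleset. It assumes current OpenBSD syntax (`rdr-to`/`nat-to`); the interface names, LAN subnet, DMZ host addresses and 203.0.113.x public IPs are placeholders.

```pf
# Constructed example: only the DMZ range 192.168.1.0/24 comes from the post.
ext_if  = "em0"             # WAN side, carries the ISP-assigned public IPs
lan_if  = "em1"             # workstations and experimental machines
dmz_if  = "em2"             # DNS and WWW hosts
lan_net = "192.168.2.0/24"  # assumed LAN subnet
dmz_net = "192.168.1.0/24"  # DMZ subnet named in the post

ext_www = "203.0.113.10"    # placeholder public IP for the web server
ext_dns = "203.0.113.11"    # placeholder public IP for the name server
dmz_www = "192.168.1.10"    # placeholder DMZ host
dmz_dns = "192.168.1.11"    # placeholder DMZ host

set skip on lo

# Default deny in both directions on every interface.
block log all

# Inbound: redirect the published services to their DMZ hosts.
pass in on $ext_if inet proto tcp to $ext_www port { 80 443 } rdr-to $dmz_www
pass in on $ext_if inet proto { tcp udp } to $ext_dns port 53 rdr-to $dmz_dns

# Let the redirected traffic leave toward the DMZ (destination is
# already rewritten by rdr-to at this point).
pass out on $dmz_if inet proto tcp to $dmz_www port { 80 443 }
pass out on $dmz_if inet proto { tcp udp } to $dmz_dns port 53

# LAN: "just about anything out". Tighten here to restrict egress.
pass in on $lan_if inet from $lan_net

# DMZ hosts may initiate outbound connections, but never toward the LAN.
pass in on $dmz_if inet from $dmz_net to ! $lan_net

# Outbound on the WAN side: source NAT for both private networks.
pass out on $ext_if inet from { $lan_net $dmz_net } nat-to ($ext_if:0)

# There is deliberately no "pass out on $lan_if" rule. New connections
# cannot be forwarded into the LAN; replies to LAN-initiated sessions
# still get through because pass rules keep state by default.
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it. Traffic the firewall itself originates toward the LAN (DHCP or DNS served from the firewall, for instance) would need its own explicit rule.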