|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Basic Post-Install Config?
|
On Thu, 3 Feb 2005 23:05:38 -0500 (EST), Doug Crompton
<doug@crompton.com> wrote:
> In Router terms DMZ means wide open. The DMZ host see's all traffic.
> Better to port forward the ports to the IP address(es) that serve them.
> Only those ports are forwarded to the associated IP's. It does not matter
> if a port is open on the inside PC. If it is not forwarded it is not
> getting there. That being said it is still a good idea to limit ports to
> those used. But for instance if you want local telnet and you don't
> forward port 23, the WAN side isn't getting there!
Yes, in regards to consumer grade routers (ie Linksys), a "DMZ" is worthless.
I was referring to the more traditional implementation, that is
isolating servers on their own network.
Notice I said "if possible": that could be as easy as putting 3 NICs
into an old toaster.
http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29
--
-Chad C Waters
http://chadcwaters.com
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|