- To: Minh Van Le <mvanle@xxxxxxxxxxxxxx>
- Subject: RE: [SLUG] home server on adsl; advice
- From: Kevin Saenz <ksaenz@xxxxxxxxxxxxxxx>
- Date: 07 Jun 2003 10:12:33 +1000
- Cc: slug@xxxxxxxxxxx
- Organization: Spinaweb
OK, so you are saying that off fw2 you have a DMZ and a LAN
hanging off firewall2. This is a normal configuration.
It appears by design your topology is pretty much like a
Chinese castle: your strongest defence is your external wall
and each internal wall is slightly weaker.
Logically I can see no real issue, only a lot more logs to
babysit. Hope somewhere sitting there you have some form of
IDS.
> This is the topology I have in mind for my network. (Maybe minus Firewall 3 and
> Firewall 4). Is there something wrong with it?
>
> +-----------------+
> | I N T E R N E T |
> +-----------------+
> |
> +--------------------------+
> | ADSL Router / Firewall 1 |
> +--------------------------+
> |
> +--------------------------+
> | Firewall 2 |
> +--------------------------+
> | |
> +-------+ +--------+
> | |
> +------------+ +------------+
> | Firewall 3 | | Firewall 4 |
> +------------+ +------------+
> | |
> --------------- ---------------
> / Eth Switch 1 / / Eth Switch 2 /
> --------------- ---------------
> | | | |
> | | | +-----------------------+
> | | +---------------------------+ |
> | +-----------+ | |
> | | | |
> +------------+ +------------+ +--------------+ +-----+
> | FTP Server | | WEB Server | | Email Server | | LAN |
> +------------+ +------------+ +--------------+ +-----+
>
>
> > -----Original Message-----
> > From: slug-bounces@xxxxxxxxxxx [mailto:slug-bounces@xxxxxxxxxxx]On
> > Behalf Of Phil Scarratt
> > Sent: Monday, 2 June 2003 22:13
> > To: slug@xxxxxxxxxxx
> > Subject: Re: [SLUG] home server on adsl; advice
> >
> >
> >
> >
> > Chris D. wrote:
> > > This one time, Amanda Wynne wrote:
> > >
> > >>Now, I should be able to set up Apache on a machine in the DMZ, serving up web
> > >>pages to the Internet. And an FTP server on this same machine accessible only
> > >>from the internal Lan to update those pages. Yes?
> > >
> > >>With only one network card?
> > >>
> > >>So, it looks kinda like this.....
> > >>
> > >>Lan 192.168.0.x (2 workstations, file server, laptop, laser printer)
> > >>
> > >>Freesco bridge eth0 192.168.0.1
> > >> eth1 192.168.1.3
> > >>
> > >>DMZ with Alcatel pro at 192.168.1.1 to TPG static IP ADSL
> > >> Apache web server at 192.168.1.2
> > >> FTP server at 192.168.1.2
> > >
> > >
> > > So what you're doing is something like this
> > >
> > > __________________
> > > | ADSL Router |
> > > ------------------
> > > |
> > > |--
> > > --------------------
> > > | FreeSCO Firewall |
> > > --------------------
> > > | _________________
> > > -------| Webserver Box |
> > > -----------------
> > > |
> > > ( Rest of LAN )
> > >
> > > Right?
> >
> > I thought it was something more like this...
> >
> >
> > __________________
> > | ADSL Router |
> > ------------------
> > |
> > -----------------
> > | WebServer Box |
> > -----------------
> > |
> > |
> > --------------------
> > | FreeSCO Firewall |
> > --------------------
> > | _________________
> > -------| Rest of lan |
> > -----------------
> >
> > In which case, the comment still stands but for Alcatel Pro.
> >
> > Fil
> >