>                                   | [mail 192.168.0.1]
>  206.147.x.x   192.168.0.100      | [www 192.168.0.10]
> -DSL--[Firewall]------[Switch]----| [workstation a 192.168.0.20]
>                                   | [workstation b 192.168.0.21]
> 
> Now, the NAT thinggie is port-forwarding stuff over to the internal
> network. For example, www.yaron.org is DNSed as 206.147.x.x. The firewall
> forwards port 80 to the internal 192.168.0.10.

(delayed response -- was out of town)

Why not put the ("bastion host") mail and www servers into the "DMZ"
network, between the DSL router and firewall machine?  This could
eliminate the need for port forwarding and close potential avenues of
attack on your internal network.  The DSL router (Cisco 675?) should be
able to handle some port forwarding.

-- 
==============     SIGN the Linux Driver Petition:
Joel Schneider     http://www.libranet.com/petition.html
jts at tc.umn.edu     SIGN the Mars Petition:
==============     http://www.thinkmars.net/petition.html
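As an added example (not code from this thread), here is what the firewall machine's rules look like in the current port-forwarding layout beside the suggested DMZ layout; Linux iptables and the interface names eth0/eth1 are assumptions, the addresses come from the diagram above:

```shell
#!/bin/sh
# Added example, not from the thread: the firewall box's rules in the two
# layouts under discussion. Assumed: Linux iptables, eth0/eth1 names.
IPT=${IPT:-iptables}   # IPT=echo prints the rules instead of loading them
EXT_IF=eth0            # toward the DSL router (and the DMZ hosts, once moved)
LAN_IF=eth1            # internal network from the diagram
LAN_NET=192.168.0.0/24

# Current layout: each forwarded port is a path from outside into the LAN.
forward_into_lan() {
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 -j DNAT --to-destination 192.168.0.10
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 25 -j DNAT --to-destination 192.168.0.1
    $IPT -A FORWARD -i "$EXT_IF" -o "$LAN_IF" -p tcp -d 192.168.0.10 --dport 80 -j ACCEPT
    $IPT -A FORWARD -i "$EXT_IF" -o "$LAN_IF" -p tcp -d 192.168.0.1 --dport 25 -j ACCEPT
}

# Suggested layout: mail and www sit between the DSL router and the firewall,
# the router forwards ports to them, and the firewall accepts no new
# connections from that side. A compromised bastion host can only answer
# LAN-initiated traffic, never start any toward the workstations.
dmz_layout() {
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT   # manage it from the LAN only
    # LAN may open connections outward (Internet and DMZ hosts alike) ...
    $IPT -A FORWARD -i "$LAN_IF" -o "$EXT_IF" -s "$LAN_NET" -j ACCEPT
    # ... and only replies to those come back; no DNAT into the LAN at all
    $IPT -A FORWARD -i "$EXT_IF" -o "$LAN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE
}

# Self-check on the generated rule text: no DNAT, and nothing that lets a
# NEW connection through to the LAN interface.
dmz_has_no_inbound_holes() {
    rules=$( IPT=echo; dmz_layout )
    case "$rules" in *DNAT*) return 1 ;; esac
    printf '%s\n' "$rules" | grep -- "-o $LAN_IF" \
        | grep -v -- '--ctstate ESTABLISHED,RELATED' | grep -q . && return 1
    return 0
}
```

Run it with `IPT=echo` and call `dmz_layout` to preview the rule set before loading it on a real box.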

---------------------------------------------------------------------
To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org
For additional commands, e-mail: tclug-list-help at mn-linux.org