Re: server layout on LAN [OT]
* Kevin Coyner <kevin@rustybear.com> [29-10-2002 13:15]:
> I have a standalone commerical SOHO router (SMC7008ABR) that should do
> for the firewalling and IP masquerading (at least I hope so. pls tell
> me if these are insufficent relative to a good Linux box). I was
> actually wondering if I really need 2 routers to do it right - one to be
> the first firewall and provide a route to a yellow zone that hosts a
> website (low volume, not slashdotesque) and then a second router behind
> the first that setups up a LAN for the 6 users in a green zone. Is this
> overkill and will one router suffice?
If you use a router with three NICs you could create three zones. I
use a Sparcstation as gateway/firewall. I want to have some services
available to the outside world, but am prohibited by the lack of
expansion options on the Sun.
Getting network equipment for Sun is expensive. So unless you
already have three NICs on the Sun I can't recommend using that
machine as a firewall. Personally I am still hoping to find one of
those Sbus cards with three (or more?) network interfaces for a good
price. Maybe the ss20 has more Sbus slots, but getting an Sbus NIC
on Ebay is at least ten times more expensive than getting a couple
of PCI NICs.
If you want to tinker, the Sun is great. If you power on the machine
and make a serial connection to another internet connected machine,
you can literally install an os from the other side of the world on
the Sun. That is nice.
I can't comment on the security aspects of the various options you
have. I think (hope) that I am safe running a Linux firewall, but I
don't have much to protect. If I had to shield sensitive
information, I'd need to start reading. When I need something
available to the outside world, I temporarily open my firewall to a
local service.
Safest and best practice and tinkering don't always go happily hand
in hand ;)
Bob
Reply to: