Re: Newbie, someone have how-to on from-scratch Debian firewall?

On Tue, Nov 07, 2000 at 03:55:49PM +0100, Michael Meskes wrote:
> On Mon, Nov 06, 2000 at 07:44:19PM -1000, Brian Russo wrote:
> > Yes, this is what I meant by transparent filtering, it's interesting because
> > it pretty much eliminates any attack to 'own' the firewall, without an ip
> > address.. connecting to it is well.. difficult.
> True. But that means your internal sites are more open to an attack or did I
> miss anything? In your usual setup the firewall is the only machine visible
> from the internet and that has to change if it is completely transparent,
> doesn't it?

hm if you're using private addressing and doing NAT/PAT ?
well obviously you can't do that transparently because .. it has no network
address, the fw that is. 

i don't see how it makes your internal sites more open to attack if
you're using globals, as you can still apply pretty much the same fw ruleset.

transparent bridging has some nifty applications still..
such as.. let's say you are single homed.. class C, globally routable ip
addies, you don't want to break up your C (for whatever reason)
you can still isolate some boxes from the rest without messing with routing or
whatever.. just a thought..

anyway, i don't know much about this, maybe i'm wrong about.. stuff

- brian.

| Brian Russo   <brusso@phys.hawaii.edu>   GPG ID: 54D81666 
| 404E 87E8 DD0C 275B 742B  09AD 2243 839C 54D8 1666 