Small network with a single real IP

To: debian-firewall@lists.debian.org
Subject: Small network with a single real IP
From: Julien Stern <stern@lri.fr>
Date: Tue, 7 Nov 2000 16:25:54 +0100
Message-id: <[🔎] 20001107162554.A23317@lri.fr>
Mail-followup-to: Julien Stern <stern@lri.fr>, debian-firewall@lists.debian.org

Hi all,

I have a few boxes at home, and I'm willing to set up a mini network.
I have only one IP address. My question is an "architecture" one.

So far, I had my firewall with nothing running but ssh2 and masquerading
the internal private network (firewall is under potato, kernel 2.2.13).
Seems to work ok.

Now, I'm willing to provide ftp and www. I'm dedicating another small box
for that. What I though is to have the firewall forward these two services
to this ftp/www box. 

Should I set up two internal private subnets (one for the ftp/www),
and one for the other computers? What kind of communication should I allow
between them, in case the www/ftp box gets broken? Is that the way to go?

Also, is it reasonnable to forward ssh2 to an internal box?
Currently, when I'm outside, I log on my firewall, and then inside.
Is one alternative safer than the other and for what reason?

Finally, should I upgrade to 2.4 to use iptables or is what I'm willing
to do going to be just fine with ipchains and ipmasqadm?

Thanks a lot.
Julien

Reply to:

Follow-Ups:
- Re: Small network with a single real IP
  - From: Artur Gorniak <josh@diament.ists.pwr.wroc.pl>

Prev by Date: Re: Newbie, someone have how-to on from-scratch Debian firewall?
Next by Date: Re: Newbie, someone have how-to on from-scratch Debian firewall?
Previous by thread: Re: Active Snort Log Analyser
Next by thread: Re: Small network with a single real IP
Index(es):
- Date
- Thread