[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Small network with a single real IP

> Hi all,
> I have a few boxes at home, and I'm willing to set up a mini network.
> I have only one IP address. My question is an "architecture" one.
> So far, I had my firewall with nothing running but ssh2 and masquerading
> the internal private network (firewall is under potato, kernel 2.2.13).
> Seems to work ok.
> Now, I'm willing to provide ftp and www. I'm dedicating another small box
> for that. What I though is to have the firewall forward these two services
> to this ftp/www box. 
> Should I set up two internal private subnets (one for the ftp/www),
> and one for the other computers? What kind of communication should I allow
> between them, in case the www/ftp box gets broken? Is that the way to go?

Internal Network with two subnets, that means you will have to have 1 nic for internet and then two for your internal network (total of 3) or a router to route between the subnets (maybe another linux box), I don't see any benefit in having two subnets, if your FW gets broken into  then your whole network is in trouble anyway. With rules (ipchains or iptables) you could still restrict what goes where.

> Also, is it reasonnable to forward ssh2 to an internal box?
> Currently, when I'm outside, I log on my firewall, and then inside.
> Is one alternative safer than the other and for what reason?
> Finally, should I upgrade to 2.4 to use iptables or is what I'm willing
> to do going to be just fine with ipchains and ipmasqadm?
> Thanks a lot.
> Julien
> --  
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Get personalized e-mail and a web address or your
own free e-mail at http://www.networksolutions.com.

Reply to: