Re: Small network with a single real IP
On Tue, Nov 07, 2000 at 06:14:09PM +0100, Marcin Owsiany wrote:
> On Tue, Nov 07, 2000 at 10:20:05AM -0800, jpm@nsimail.com wrote:
> > > Should I set up two internal private subnets (one for the ftp/www),
> > > and one for the other computers? What kind of communication should I allow
> > > between them, in case the www/ftp box gets broken? Is that the way to go?
>
> [...]
> > I don't see any benefit in having two subnets, if your FW gets broken into
> > then your whole network is in trouble anyway.
>
> I think he means something like that:
> - if you have two internal networks X and Y
> - hosts x1, x2, ..., xn are connected only to network X
> - hosts y1, y1, ..., ym are connected only to network Y
> - host r is connected to both X and Y
>
Yes, this is what I had in mind.
Thanks to all of you for your replies.
Things are getting clearer. I'll probably go with the following:
     +----------+
DSL--| Firewall |
     +----------+
       |      |
       |      |
      www   secure
Firewall:
* Blocks everything from outside but www and ssh2 which it forwards to www.
* Blocks everything from www to secure but ssh2
* Masquerades secure
The only problem is that I currently only have two NICs in my firewall.
Is it totally useless (security-wise) to create two different subnets anyway?
Should I really buy another NIC?
Sincerely,
Julien
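
The three-zone policy from the message above, as an added example that is not part of the original post: a shell function that prints the rules in iptables-restore format (a newer tool than the thread's date). The interface names, addresses and ports 80/22 for www/ssh2 are assumptions. It rejects the two-NIC case, because hosts that share one firewall interface sit on the same wire and can reach each other without passing through the www -> secure rule.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the DSL/www/secure layout.
# Interface names, addresses and ports are constructed placeholders.
emit_ruleset() {
    wan_if=$1 dmz_if=$2 lan_if=$3 www_ip=$4 lan_net=$5
    # If www and secure hang off the same NIC, traffic between them never
    # crosses the FORWARD chain, so the www -> secure rule cannot be enforced.
    if [ "$dmz_if" = "$lan_if" ]; then
        echo "www and secure need separate firewall interfaces" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# outside -> www: only www (80) and ssh (22), after the DNAT below
-A FORWARD -i $wan_if -o $dmz_if -d $www_ip -p tcp -m multiport --dports 80,22 -m conntrack --ctstate NEW -j ACCEPT
# www -> secure: only ssh
-A FORWARD -i $dmz_if -o $lan_if -d $lan_net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# secure -> outside: new connections allowed, masqueraded below
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $wan_if -p tcp -m multiport --dports 80,22 -j DNAT --to-destination $www_ip
-A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# Constructed sample values. Management access to the firewall itself is not
# modelled: INPUT only accepts loopback and replies.
emit_ruleset eth0 eth1 eth2 192.168.1.2 192.168.2.0/24
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it.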