
Re: Newbie Questions Part 1



At 12:17 PM 11/8/00 +0000, Michael Boyd wrote:
...
>The kind of structure I have in mind is:-
>
>[Win. 98 Box]--eth--[Debian Box]--modem--[Internet Service Provider]
>
>I intend to add other machines on my network later and have the Debian
>Box doing ipmasq, ipchains and diald.
>
>My first two questions are:-
>
>Would it be *much* safer to insert a second Debian Box with 2 ethernet
>cards, one machine to do the firewalling and one to make the connection
>to the internet?  Presumably if I did that the machine making the
>internet connection would be potentially vulnerable?

NO, and it would be a good bit harder, since you'd need either 2 levels of
NAT (MASQ) or a more complex routing table on one or both routers.

The host making the Internet connection is always "potentially vulnerable".
Good firewall/router design minimizes (ideally, eliminates, but let's be
realistic) the vulnerability.

>Is there anything wrong with using IP addresses such as 10.0.0.1 and a
>subnet mask of 255.255.255.0 for my machines?  The gateway will have a
>dynamic IP addr. from my ISP as well.

If by "such as" you mean to refer to the private address ranges (10.0.0.0/8,
172.16.0.0/12, and 192.168.0.0/16), then there is nothing at all wrong with
using them. They are intended for use in exactly these kinds of situation.


--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA           	 	         ray@comarre.com        
----------------------------------------------------------------


