[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Newbie Questions Part 1

At 12:17 PM 11/8/00 +0000, Michael Boyd wrote:
>The kind of structure I have in mind is:-
>[Win. 98 Box]--eth--[Debian Box]--modem--[Internet Service Provider]
>I intend to add other machines on my network later and have the Debian
>Box doing ipmasq, ipchains and diald.
>My first two questions are:-
>Would it be *much* safer to insert a second Debian Box with 2 ethernet
>cards, one machine to do the firewalling and one to make the connection
>to the internet?  Presumably if I did that the machine making the
>internet connection would be potentially vulnerable?

NO, and it would be a good bit harder, since you'd need either 2 levels of
NAT (MASQ) or a more complex routing table on one or both routers.

The host making the Internet connection is always "potentially vulnerable".
Good firewall/router design minimizes (ideally, elmiminates, but let's be
realistic) the vulnerability.

>Is there anything wrong with using IP addresses such as and a
>subnet mask of for my machines?  The gateway will have a
>dynamic IP addr. from my ISP as well.

If by "such as" you mean to refer to the private address ranges (,, and, then there is nothing at all wrong with
using them. They are intended for use in exactly these kinds of situation.

------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA           	 	         ray@comarre.com        

Reply to: