
Re: Small network with a single real IP



> 
> Firewall:
> 
> * Blocks everything from outside but www and ssh2 which it forwards to www.
> * Blocks everything from www to secure but ssh2
> * Masquerades secure
> 
> The only problem is that I currently only have two NICs in my firewall.
> Is it totally useless (security-wise) to create two different subnets anyway?
> Should I really buy another NIC?

	Ummm... if you are in the same ethernet the www server could snoop it, find
that it is on another subnet (since it sees packets from other IP addresses), change
its subnet address and attack the others.
	So yes, you should buy another NIC or separate the physical interfaces so that
www will not be able to snoop the other.

	Javi
begin:vcard 
n:Fernández-Sanguino Peña;Javier
tel;fax:+34-91 806 46 41
tel;work:+34-91 806 46 40
x-mozilla-html:FALSE
org:SGI-GMV sistemas;Seguridad Lógica
adr:;;Sector Foresta 1;Tres Cantos;Madrid;E-28760;Spain
version:2.1
email;internet:jfernandez@sgi.es
x-mozilla-cpt:;28448
fn:Javier Fernández-Sanguino Peña
end:vcard
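
A check for the setup discussed in this reply, added here as an example and not part of the original message: it reads `ip -o -4 addr show` output from the firewall and flags any NIC that carries more than one subnet, i.e. zones that share one wire and are not isolated from each other. The interface names and addresses in the samples are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed, trimmed `ip -o -4 addr show` output: a two-NIC firewall where
# the www and secure subnets are both configured on eth1 (second one as an alias).
TWO_NIC = """
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: eth1    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
3: eth1    inet 192.168.2.1/24 brd 192.168.2.255 scope global secondary eth1:1
"""

# Constructed output for the same firewall after adding a third NIC.
THREE_NIC = """
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
3: eth1    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
4: eth2    inet 192.168.2.1/24 brd 192.168.2.255 scope global eth2
"""


def subnets_by_interface(ip_output):
    """Map each NIC name to the set of IPv4 networks configured on it."""
    nets = defaultdict(set)
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet":
            continue  # blank line or not an IPv4 address record
        addr = ipaddress.ip_interface(fields[3])
        if addr.ip.is_loopback:
            continue
        nets[fields[1]].add(addr.network)
    return dict(nets)


def shared_wire_findings(ip_output):
    """Return (nic, [subnets]) for every NIC serving more than one subnet.

    Hosts in those subnets sit in one broadcast domain: any of them can
    re-address itself into the other subnet and bypass the firewall rules.
    """
    findings = []
    for nic, nets in sorted(subnets_by_interface(ip_output).items()):
        if len(nets) > 1:
            findings.append((nic, [str(n) for n in sorted(nets)]))
    return findings


if __name__ == "__main__":
    for nic, nets in shared_wire_findings(TWO_NIC):
        print(f"{nic}: {', '.join(nets)} share one physical segment")
```

VLAN sub-interfaces show up under their own names in this output, so this check treats them as separate segments; whether they are depends on the switch configuration.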
