
Re: DMZ



On Sat, May 12, 2001 at 08:10:15AM -0700, Ray Olszewski wrote:
> At 07:55 PM 5/11/01 -0700, Cory Petkovsek wrote:
> 
> >My reply (and my current setup) does have a nic that connects to the dsl
> router.  I have IP aliasing on the external nic, not the internal.  Aliasing
> the internal wouldn't do much good for security purposes.  The drawing I
> made actually excluded the switches, here's a more accurate rendition:
> [deleted]
> ...
> >Ray, is this unsafe?  Do you see a problem with my setup?  I am certainly
> open to constructive criticism.
> 
> Looks fine to me; from your first posting, I simply hadn't seen where you
> were connecting up the DSL line. 
> 
> Whether this approach would work for the original poster is uncertain. I've
> never tried IP-aliasing an interface that runs PPPoE, so I don't know if the
> two are compatible. (With PPPoE, the eth* interface itself doesn't get an IP
> address; software like the Roaring Penguin package runs a PPP session on it
> that gets assigned an IP address dynamically.)

Hello,
Yes, I do have PPPoE with the cheap PacBell DSL package. My contract
runs out in a month or two; I got the free equipment deal. I will be
looking into a static IP without the PPPoE from other DSL providers;
any suggestions in the Sacramento, CA market? I know that the static IP
would be much easier to configure, not to mention less load on the CPU. I
kind of figured that the PPPoE would be a problem. I checked out the LRP
versions that would work for 3 NICs, but I am interested in working with
other security products like Portsentry, Snort, Tripwire etc. You start
running out of room on the floppy firewalls when you add these. Plus I
like the easy updates with apt-get and the quickness of the Debian team
when it comes to security updates. Thanks for everyone's input on this. I
have more research to do :)

Kirk Schroeder


