Re: DMZ

To: Cory Petkovsek <coryp@petersen-arne.com>
Cc: Kirk Schroeder <kirkschr@pacbell.net>, debian-firewall@lists.debian.org
Subject: Re: DMZ
From: Ray Olszewski <ray@comarre.com>
Date: Sat, 12 May 2001 08:10:15 -0700
Message-id: <2.2.32.20010512151015.00d05f2c@[192.168.1.23]>

At 07:55 PM 5/11/01 -0700, Cory Petkovsek wrote:

>My reply (and my current setup) does have a nic that connects to the dsl
router.  I have IP aliasing on the external nic, not the internal.  Aliasing
the internal wouldn't do much good for security purposes.  The drawing I
made actually excluded the switches, here's a more accurate rendition:
[deleted]
...
>Ray, is this unsafe?  Do you see a problem with my setup?  I am certainly
open to constructive criticism.

Looks fine to me; from your first posting, I simply hadn't sen where you
were connecting up the DSL line. 

Whether this approach would work for the original poster is uncertain. I've
never tried IP-aliasing an interface that runs PPPoE, so I don't know if the
two are compatible. (With PPPoE, the eth* interface itself doesn't get an IP
address; software like the Roaring Penguin package runs a PPP session on it
that gets assigned an IP address dynamically.)

--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA           	 	         ray@comarre.com        
----------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: DMZ
  - From: Kirk Schroeder <kirkschr@pacbell.net>

Prev by Date: Re: DMZ
Next by Date: Re: DMZ
Previous by thread: Re: DMZ
Next by thread: Re: DMZ
Index(es):
- Date
- Thread