
Re: iptables-save/restore with dynamic IP


On Thu, 21 Oct 2004 16:15:49 +0200 martin f krafft <madduck@debian.org>
> also sprach simon@farnz.org.uk <simon@farnz.org.uk> [2004.10.21.1549 +0200]:
> > The only time I've seen this done has been with PPPoE; the gateway
> > talked PPPoE with the remote end, and communicated with the LAN
> > via the same NIC. Not that secure, but got the network running.
>
> Sounds horrible.

While it's the same physical interface, they are logically disjunct:
internet is at ppp0 while LAN is at eth0. As long as you just filter
against ppp0 it should be comparatively safe (safer than directly
connected Win* machines, that is). 

You're not safe at all against attacks (or misconfigurations) from the
inside with this technique, though...

I usually prefer physical separation of green/yellow/red networks, too,
so this setup should only be used as an emergency measure...


Volker Tanger
ITK Security
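
A check along the lines of the message above, as an added example that is not part of the original post: it reads iptables-save output and lists every rule or chain policy that would accept a new connection arriving on ppp0, including rules that carry no `-i` match at all. The ruleset and the helper names `opt` and `audit` are constructed for illustration; the check covers only the built-in INPUT and FORWARD chains of the filter table and does not follow jumps into user-defined chains.

```python
import shlex
# Constructed, abridged iptables-save output: ppp0 = Internet, eth0 = LAN.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def opt(tok, name):
    """Return (value, negated) for option `name`, or (None, False) if absent."""
    i = tok.index(name) if name in tok else -1
    return (tok[i + 1], tok[i - 1] == "!") if i > 0 else (None, False)

def audit(ruleset, wan="ppp0"):
    """List rules/policies that accept a NEW connection arriving on `wan`."""
    table, policy, closed, findings = None, {}, set(), []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith(":") and table == "filter":
            policy[tok[0][1:]] = tok[1]
        chain = tok[1] if tok[:1] == ["-A"] else None
        if table != "filter" or chain not in ("INPUT", "FORWARD") or chain in closed:
            continue
        iface, neg = opt(tok, "-i")
        hit = iface is None or (wan.startswith(iface[:-1]) if iface.endswith("+") else iface == wan)
        if hit == neg:
            continue  # rule cannot match packets arriving on wan
        states, sneg = opt(tok, "--state" if "--state" in tok else "--ctstate")
        if states is not None and ("NEW" in states.split(",")) == sneg:
            continue  # rule only matches already-established traffic
        j = tok.index("-j") if "-j" in tok else len(tok)
        target = tok[j + 1] if j + 1 < len(tok) else None
        cond = [t for t in tok[2:j] if t not in ("!", "-i", iface)]  # other matches
        if target == "ACCEPT":
            findings.append(f"{chain}: {line}")
        elif target in ("DROP", "REJECT") and not cond:
            closed.add(chain)  # unconditional drop: nothing from wan gets further
    for chain in ("INPUT", "FORWARD"):
        if chain not in closed and policy.get(chain) == "ACCEPT":
            findings.append(f"{chain}: policy ACCEPT applies to {wan}")
    return findings
```

On the constructed sample it reports the port 22 rule, which has no interface match and so also applies to ppp0, and the FORWARD policy of ACCEPT.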
