Re: Need advice about isolating a host in the DMZ

>>>>> "Haim" == Haim Ashkenazi <haim@consonet.com> writes:

    Haim> Hi, I have a host in my DMZ that has both anonymous ftp and
    Haim> pop3 ports open (this can't be changed). Since I really
    Haim> don't trust this setup, I was thinking about ways to isolate
    Haim> this host so that no one who breaks into this computer can
    Haim> access other computers on the DMZ (although other computers
    Haim> should be able to access it). One obvious solution is to
    Haim> create a second DMZ, but that would cost me the loss of three
    Haim> IPs, so I'm trying to figure out ways to isolate it without
    Haim> putting it in another subnet.

    Haim> I thought about 2 solutions so far: 1. putting iptables on
    Haim> all the other computers in the DMZ.  2. connecting this host
    Haim> to another VLAN and setting this configuration on the switch
    Haim> (I have to see if that's even possible).

3. user-mode-linux (user-mode-linux.sf.net); put each service in a
   separate UML with tap interfaces to each UML, with iptables making
   sure anyone breaking the service in a UML can't get out.


Adrian Phillips
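As an added illustration of Haim's first option (iptables on every other DMZ host) and of the "can't get out" rule Adrian wants in front of each service, here is a small rule generator that is not from either poster. It assumes a placeholder address 192.0.2.10 for the ftp/pop3 box and a hypothetical chain name DMZ_ISOLATE; it is stateful, so the other hosts can still open connections to the untrusted box (fetching mail, for example) and receive the replies, while any connection the untrusted box initiates toward them is logged and dropped. By default it only prints the iptables commands; set IPT=iptables as root to apply them.

```shell
#!/bin/sh
# Added example, not code from the thread. Run on each *other* DMZ host.
# UNTRUSTED is an assumed placeholder (TEST-NET-1) for the ftp/pop3 host.
# IPT defaults to a dry run that prints the commands instead of applying them.
UNTRUSTED="${UNTRUSTED:-192.0.2.10}"
IPT="${IPT:-echo iptables}"

# Build a chain that admits only replies to connections *we* opened to $1
# and drops (after logging) anything $1 tries to initiate toward this host.
isolate_rules() {
    host="$1"
    # Hypothetical chain name; flush it if it already exists so re-runs are clean.
    $IPT -N DMZ_ISOLATE 2>/dev/null || true
    $IPT -F DMZ_ISOLATE
    # Replies to our own sessions (pop3 fetch, ftp control + data). For active-mode
    # ftp data connections the ftp conntrack helper module must be loaded so the
    # server-initiated data channel is classified RELATED rather than NEW.
    $IPT -A DMZ_ISOLATE -s "$host" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Anything new from the untrusted host: record it, then drop it.
    $IPT -A DMZ_ISOLATE -s "$host" -m state --state NEW -j LOG --log-prefix "DMZ-ISOLATE: "
    $IPT -A DMZ_ISOLATE -s "$host" -j DROP
    # Traffic from every other source continues through the normal INPUT rules.
    $IPT -A DMZ_ISOLATE -j RETURN
    # Evaluate the chain before anything else on INPUT.
    $IPT -I INPUT 1 -j DMZ_ISOLATE
}

# Show the resulting chain with packet counters (useful to see whether the
# untrusted host is actually probing its neighbours).
show_rules() {
    $IPT -L DMZ_ISOLATE -n -v
}

isolate_rules "$UNTRUSTED"
```

The LOG rule is what turns this from pure containment into detection: a compromised ftp/pop3 host scanning the rest of the DMZ shows up as a burst of "DMZ-ISOLATE:" entries in the neighbours' kernel logs.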
