
Re: iptables forwarding to inside firewall



On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote:
> [1] If you use the "3 legged firewall" setup, it is possible to
> distinguish DMZ traffic from other traffic based on which interface it is
> entering the firewall.

Just have two different NICs to two different non-routable
LANs; one is your private LAN, the other is for your public
services. Port redirect services into the public net
and firewall it so nothing can connect back out from it.
Then even if your MTA is hacked, all you've lost is the
machine on the public LAN. Your fw and private LAN are
still secure.

-- 
------------------------------------------------------
       IN MY NAME:            Dale Amon, CEO/MD
  No Mushroom clouds over     Islandone Society
    London and New York.      www.islandone.org
------------------------------------------------------
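One way to express the setup Dale describes as iptables rules, added here as an example and not part of the original thread. Interface names, the networks and the MTA address are assumed; SMTP is port-redirected from the Internet into the DMZ, the private LAN may reach both the DMZ and the Internet, and nothing on the DMZ may open a connection toward either.

```shell
#!/bin/sh
# Three-legged firewall, assumed example layout:
#   eth0 = Internet, eth1 = private LAN, eth2 = public-service LAN (DMZ).
# Addresses below are assumed; adjust to your own networks.
IPT="${IPT:-iptables}"      # set IPT=echo to print the rules instead of applying them
WAN_IF=eth0
LAN_IF=eth1
DMZ_IF=eth2
LAN_NET=192.168.1.0/24
MTA=192.168.2.25            # the mail host living on the DMZ LAN

apply_dmz_rules() {
    # Default-deny forwarding; only the paths listed below are opened.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    $IPT -t nat -F PREROUTING

    # Replies to flows that were allowed to start may return on any path.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Port redirect: SMTP arriving from the Internet is handed to the DMZ MTA.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 25 -j DNAT --to-destination "$MTA":25
    $IPT -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -p tcp -d "$MTA" --dport 25 -m state --state NEW -j ACCEPT

    # The private LAN may open connections to the DMZ (e.g. to collect mail) and to the Internet.
    $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT

    # Nothing on the DMZ may start a connection toward the private LAN or the Internet,
    # so a compromised MTA can neither reach inward nor call out. Log first so the
    # attempts show up in syslog. (Outbound mail delivery would need its own narrow exception.)
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j LOG --log-prefix "DMZ->LAN blocked: "
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -j DROP
    $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -j LOG --log-prefix "DMZ->WAN blocked: "
    $IPT -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -j DROP
}

# Apply only when asked explicitly (run as root): sh dmz.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_dmz_rules
fi
```

Running the script with `IPT=echo sh dmz.sh apply` prints the rule set for review before anything is applied.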


