[NCLUG] Network configuration
dobbster
dobbster at frii.com
Fri Oct 27 13:18:05 MDT 2000
Sorry for the naive question, but does this diagram imply that the
firewall system should have three NICs?
I thought that a web server in the DMZ would be plugged directly into
the hub at the top.
Mark (dobbster at frii.com)
> > Presumably you meant:
> >
> > > <----{dsl}---------[ hub ]
> > > |
> > > |
> > > ^ ============|=========================
> > > | |
> > > | | +------+
> > > DMZ | | |
> > > | [firewall] [web server]
> > > | |
> > > v ============|=========================
> >
> > Otherwise it wouldn't really be a DMZ...
> >
> > >If you used port redirection, or NAT, to have a web server where I've
> > >shown workstations, that would work but there's a risk. If the web
> > >server was cracked, they would be on a machine on your private network.
> >
> > Though if the only thing that's port-forwarded was port 80, they'd be
> > reasonably limited in what they can do. "Ok, now I've used the web
> > server to create a root-level login, now I just telnet in and... Dang!".
> >
> > Sean
> > --
> > Do bad programmers wake up on Christmas morning to find coal in
> > their sockets? -- Sean Reifschneider
> > Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> > tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
> > _______________________________________________
> > NCLUG mailing list
> > NCLUG at nclug.org
> > http://www.nclug.org/mailman/listinfo/nclug
> >
> >
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug
More information about the NCLUG
mailing list