[NCLUG] Network configuration
Sean Reifschneider
jafo at tummy.com
Thu Oct 26 18:03:15 MDT 2000
Presumably you meant:
> <----{dsl}---------[ hub ]
> |
> |
> ^ ============|=========================
> | |
> | | +------+
> DMZ | | |
> | [firewall] [web server]
> | |
> v ============|=========================
Otherwise it wouldn't really be a DMZ...
>If you used port redirection, or NAT, to have a web server where I've
>shown workstations, that would work but there's a risk. If the web
>server was cracked, they would be on a machine on your private network.
Though if the only thing that's port-forwarded was port 80, they'd be
reasonably limited in what they can do. "Ok, now I've used the web
server to create a root-level login, now I just telnet in and... Dang!".
Sean
--
Do bad programmers wake up on Christmas morning to find coal in
their sockets? -- Sean Reifschneider
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
More information about the NCLUG
mailing list