[NCLUG] Network configuration

Quent quent at pobox.com
Fri Oct 27 10:21:56 MDT 2000


Urrghh! Right. I hate trying to draw in ASCII and I'm a bonehead.

You get what you pay for with advice from strangers on the Internet :-)

	Quent

On Thu, Oct 26, 2000 at 06:03:15PM -0600, Sean Reifschneider wrote:
> Presumably you meant:
> 
> >            <----{dsl}---------[ hub ]
> >                                 |
> >                                 |
> >                 ^   ============|=========================
> >                 |               |  
> >                 |               | +------+
> >                DMZ              | |      |
> >                 |         [firewall] [web server]
> >                 |               |
> >                 v   ============|=========================
> 
> Otherwise it wouldn't really be a DMZ...
> 
> >If you used port redirection, or NAT, to have a web server where I've
> >shown workstations, that would work but there's a risk.  If the web
> >server was cracked, they would be on a machine on your private network.
> 
> Though if the only thing that's port-forwarded was port 80, they'd be
> reasonably limited in what they can do.  "Ok, now I've used the web
> server to create a root-level login, now I just telnet in and...  Dang!".
> 
> Sean
> -- 
>  Do bad programmers wake up on Christmas morning to find coal in
>  their sockets?  -- Sean Reifschneider
> Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug
> 
> 



More information about the NCLUG mailing list