[NCLUG] Network configuration
Quent
quent at pobox.com
Fri Oct 27 10:21:56 MDT 2000
Urrghh! Right. I hate trying to draw in ASCII and I'm a bonehead.
You get what you pay for with advice from strangers on the Internet :-)
Quent
On Thu, Oct 26, 2000 at 06:03:15PM -0600, Sean Reifschneider wrote:
> Presumably you meant:
>
> > <----{dsl}---------[ hub ]
> > |
> > |
> > ^ ============|=========================
> > | |
> > | | +------+
> > DMZ | | |
> > | [firewall] [web server]
> > | |
> > v ============|=========================
>
> Otherwise it wouldn't really be a DMZ...
>
> >If you used port redirection, or NAT, to have a web server where I've
> >shown workstations, that would work but there's a risk. If the web
> >server was cracked, they would be on a machine on your private network.
>
> Though if the only thing that's port-forwarded was port 80, they'd be
> reasonably limited in what they can do. "Ok, now I've used the web
> server to create a root-level login, now I just telnet in and... Dang!".
>
> Sean
> --
> Do bad programmers wake up on Christmas morning to find coal in
> their sockets? -- Sean Reifschneider
> Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
> tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug
>
>
More information about the NCLUG
mailing list