Hi all,

I have a few boxes at home, and I'm willing to set up a mini network. I have only one IP address. My question is an "architecture" one.

So far, I had my firewall with nothing running but ssh2 and masquerading the internal private network (firewall is under potato, kernel 2.2.13). Seems to work OK.

Now, I'm willing to provide ftp and www. I'm dedicating another small box for that. What I thought is to have the firewall forward these two services to this ftp/www box. Should I set up two internal private subnets (one for the ftp/www, and one for the other computers)? What kind of communication should I allow between them, in case the www/ftp box gets broken? Is that the way to go?

Also, is it reasonable to forward ssh2 to an internal box? Currently, when I'm outside, I log on to my firewall, and then inside. Is one alternative safer than the other, and for what reason?

Finally, should I upgrade to 2.4 to use iptables, or is what I'm willing to do going to be just fine with ipchains and ipmasqadm?

Thanks a lot.

Julien

