Greetings!

On Thu, 21 Oct 2004 16:15:49 +0200 martin f krafft <[EMAIL PROTECTED]>
wrote:
> also sprach [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2004.10.21.1549
> +0200]:> The only time I've seen this done has been with PPPoE; the
> gateway> talked PPPoE with the remote end, and communicated with the
> LAN> via the same NIC. Not that secure, but got the network running.
> 
> Sounds horrible.

While it's the same physical interface, they are logically disjunct:
internet is at ppp0 while LAN is at eth0. As long as you just filter
against ppp0 it should be comparatively safe (safer than directly
connected Win* machines, that is). 

You're not safe at all against attacks (or misconfigurations) from the
inside with this technique, though...

I usually prefer physical separations of green/yellow/red networks, too,
so this setup should only be used as emergency measure...

Bye

Volker Tanger
ITK Security


Reply via email to