Greetings!

On Thu, 21 Oct 2004 16:15:49 +0200 martin f krafft <[EMAIL PROTECTED]> wrote:

> also sprach [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2004.10.21.1549 +0200]:
> > The only time I've seen this done has been with PPPoE; the gateway
> > talked PPPoE with the remote end, and communicated with the LAN
> > via the same NIC. Not that secure, but got the network running.
>
> Sounds horrible.


While it's the same physical interface, they are logically disjunct: internet is at ppp0 while LAN is at eth0. As long as you just filter against ppp0 it should be comparatively safe (safer than directly connected Win* machines, that is).

You're not safe at all against attacks (or misconfigurations) from the inside with this technique, though...

I usually prefer physical separations of green/yellow/red networks, too, so this setup should only be used as an emergency measure...

Bye

Volker Tanger
ITK Security
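
The following is an added example, not part of the message above or of any poster's configuration. It is a coarse check of `iptables-save` output that reports chains in which unsolicited packets arriving on ppp0 are not dropped. The two rulesets are constructed, the function name `audit` is hypothetical, and only the interface names ppp0 and eth0 come from the thread.

```python
import shlex

# Constructed iptables-save output for a single-NIC PPPoE gateway (not from the thread).
# Rules are bound to eth0 only, so decapsulated internet traffic on ppp0 is never matched.
FILTERS_WRONG_IF = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state NEW -j DROP
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
COMMIT
"""
# Constructed counterpart that filters against ppp0, as the reply describes.
FILTERS_PPP0 = """\
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A FORWARD -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -j DROP
COMMIT
"""

def audit(ruleset, wan="ppp0"):
    """Return the chains where unsolicited packets arriving on `wan` are not dropped."""
    policy, rules = {}, {"INPUT": [], "FORWARD": []}
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if line.startswith(":") and tok[0][1:] in rules:
            policy[tok[0][1:]] = tok[1]          # chain default policy
        elif tok[:1] == ["-A"] and tok[1] in rules:
            rules[tok[1]].append(tok[2:])        # rule without "-A CHAIN"
    exposed = []
    for chain, chain_rules in rules.items():
        verdict = policy.get(chain, "ACCEPT")
        for r in chain_rules:
            # Only a rule whose sole match is "-i <wan>" (or nothing) decides every wan packet.
            if len(r) >= 2 and r[-2] == "-j" and r[:-2] in ([], ["-i", wan]) \
                    and r[-1] in ("ACCEPT", "DROP", "REJECT"):
                verdict = r[-1]
                break
        if verdict == "ACCEPT":
            exposed.append(chain)
    return exposed
```

Conditional rules (port or state matches) are deliberately ignored, so a clean result says only that the default outcome for ppp0 traffic is a drop, not that every earlier ACCEPT rule is appropriate.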