On Wed, 15 May 2002, Brad Fritz wrote: > On Tue, 14 May 2002 23:25:43 PDT Eric House wrote: > > > Using Bering rc2, I'm trying to set up a router with eth0 external > > (ATT cable modem), eth1 a wired Ethernet LAN, and eth2 a wireless > > Ethernet LAN. Though I may eventually want to put an > > externally-reachable webserver on one of the LANs, I don't think I > > want a dmz. That is, I want all hosts on eth1 and eth2 to have full > > access to each other as if they were all on the same subnet.
> This is probably obvious, but... > Be careful; unless you take further precautions, the policies above > will allow anyone with a wireless card nearby (or not-so-nearby with > a wireless card and an antenna) full access to the network hanging > off eth1. So dmz-style rules make sense for the wireless net, don't they? Though I may eventually put a web server on the net (the wlan isn't the logical place for it but for its being dmz-like), the wlan will mostly be used for internet access. But I expect I'll occasionally want to connect from the wlan to machines on loc, e.g. to kill an XF86 server when it crashes. Perhaps the best approach is to start with the default dmz rules, then punch specific holes through the firewall allowing ssh and ping between dmz and loc? Thanks! --Eric ****************************************************************************** * From the desktop of: Eric House, [EMAIL PROTECTED] * * Crosswords 4.0 for PalmOS is out!: <http://www.peak.org/~fixin/xwords> * ****************************************************************************** _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: [EMAIL PROTECTED] ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
