Eric Wolzak wrote:
> Hello Craig
>
> Why do you want to use a tunnel through your school net to the
> "private Student" net?
> By this method you protect the "private student" net against attacks
> from the school net but open up the school net a little bit more to the
> outside world
> ( it is more difficult to get into a tunnel from the outside than to leave
> a tunnel ;) )
> I would think that it is safer to keep the school LAN apart from the
> Student LAN
>
> Why don't you use a different setup
>
> internet ---Bering Box 1 ------school Lan
> internet -- Bering Box 2 --- --Private Student Lan
>
> or even with a second network card in Box 1 as
> internet ----Beringbox ..... School Lan
>                  ^
>                  1
>          Private Student lan
> you could use your second Bering box for additional Security or
> some other useful task.
>
>
> All three setups can be done with Bering

Another approach would be to use Craig's original topology but on Bering
Box 2, make the School LAN a separate zone (nested in its 'net' zone). You
can then make the student->school policy REJECT and the student->net
policy ACCEPT.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ [EMAIL PROTECTED]
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
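
The nested-zone approach from the reply above, sketched as Shorewall configuration for Bering Box 2. This is an added example, not configuration posted by anyone in the thread. The zone names, interface names and the school subnet are placeholders, and the syntax is that of current Shorewall releases (zones file with a TYPE column), which may differ from the Shorewall version shipped with Bering.

```conf
# Assumed layout of Bering Box 2 (not stated in the thread):
#   eth0 = uplink side: the School LAN, with the internet beyond it
#   eth1 = Private Student LAN
#   192.0.2.0/24 = placeholder for the School LAN subnet

# ---- /etc/shorewall/zones ----
#ZONE         TYPE
fw            firewall
net           ipv4
school:net    ipv4        # sub-zone of 'net'; matched before its parent
stu           ipv4

# ---- /etc/shorewall/interfaces ----
#ZONE   INTERFACE   OPTIONS
net     eth0
stu     eth1

# ---- /etc/shorewall/hosts ----
# The School LAN is the part of eth0 that falls in the school subnet.
#ZONE     HOSTS
school    eth0:192.0.2.0/24

# ---- /etc/shorewall/policy ----
#SOURCE   DEST     POLICY   LOGLEVEL
stu       school   REJECT   info     # students cannot reach the School LAN
stu       net      ACCEPT            # students may go out to the internet
school    stu      DROP     info     # assumption: the School LAN may not reach students
net       all      DROP     info
all       all      REJECT   info
```

Anything the students legitimately need on the School LAN (for example a DNS server or proxy there) has to be allowed by an explicit entry in /etc/shorewall/rules, since the stu->school policy rejects it by default.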