Hello Tom, of course you are right that it can be done safely, but I 
still have some second thoughts about "potential hackers" being 
behind the net I have to secure. In that case I have to "defend" my 
school net from both sides,
especially if the students can execute programs on their net.
Then they could attack the second Bering Box to get access to the 
school net.

If it was my school I would prefer to use a DMZ for the student net 
and put my second Bering Box between the first and the school net.
So I would have some logs about what is going on. ;) 

Regards Eric Wolzak
> 
> Eric Wolzak wrote:
> > Hello Craig 
> > 
> > Why do you want to use a tunnel through your school net to the 
> > "private Student" net?
> > By this method you protect the "private student" net against attacks 
> > from the school net but open up the school net a little bit more to the 
> > outside world
> > ( it is more difficult to get into a tunnel from the outside than to leave 
> > a tunnel ;) )
> > I would think that it is safer to keep the school Lan apart from the 
> > Student Lan 
> > 
> > Why don't you use a different setup?
> > 
> > internet ---Bering Box 1 ------school Lan
> > internet -- Bering Box 2 --- --Private Student Lan
> > 
> > or even with a second network card in Box 1 as
> > internet ----Beringbox ..... School Lan
> >                       ^
> >                       1
> >     Private Student lan 
> > You could use your second Bering box for additional security or 
> > some other useful task.
> > 
> > 
> > All three setups can be done with Bering
> 
> Another approach would be to use Craig's original topology but on Bering 
> Box 2, make the School LAN a separate zone (nested in its 'net' zone). You 
> can then make the student->school policy REJECT and the student->net 
> policy ACCEPT.
> 
> -Tom
> -- 
> Tom Eastep    \ Shorewall - iptables made easy
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ [EMAIL PROTECTED]
> 
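
The nested-zone approach Tom describes for Bering Box 2, sketched as an added example that is not from the thread or from the Shorewall project. It assumes current Shorewall file syntax (the `parent:child` form in the zones file); the zone names `school` and `stud`, the interface names and the subnet are constructed placeholders. The log level on the REJECT policy gives the record of student attempts against the school LAN that Eric asks for.

```conf
# --- /etc/shorewall/zones ---
# 'school' is declared as a sub-zone of 'net', so it is matched
# before its parent for any host listed in the hosts file.
#ZONE        TYPE
fw           firewall
net          ipv4
school:net   ipv4
stud         ipv4

# --- /etc/shorewall/interfaces ---
# eth0 faces the school LAN (and, through Box 1, the internet).
# eth1 faces the private student LAN. Both names are assumptions.
?FORMAT 2
#ZONE   INTERFACE
net     eth0
stud    eth1

# --- /etc/shorewall/hosts ---
# Constructed school LAN subnet; replace with the real range.
#ZONE    HOSTS
school   eth0:192.168.10.0/24

# --- /etc/shorewall/policy ---
# Students may reach the internet but not the school LAN.
# Rejected attempts are logged at level 'info'.
#SOURCE  DEST    POLICY  LOGLEVEL
stud     school  REJECT  info
stud     net     ACCEPT
net      all     DROP    info
all      all     REJECT  info
```

Because the school LAN is also the path to the internet in this topology, only the school subnet listed in the hosts file is rejected; everything else reached through eth0 falls under the `stud` to `net` policy.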

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html