I begin to think that maybe instead of a hub you should have a router for
your network and have all the servers plugged into it and restrict it from
forwarding packets from one machine to the other. Now I am not very
knowledgeable in this so I guess the gurus here can say more on this
issue.
On Sat, 5 Aug 2000, Chris Knipe wrote:
> Date: Sat, 05 Aug 2000 07:04:10 +0200
> From: Chris Knipe <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Forced Routing?
>
> Hi...
>
> I just have a simple question quickly.... (or I hope it will be)...
>
> Technically, as I understand it, specifying a default gateway (or a gateway
> at all) for TCP/IP routing information is irrelevant *IF* the IP addresses
> are located on the same subnet?? Simple scenario...
>
> PC1 <-----> PC2
>
> Both are on the same network, 192.168.1.0/255.255.255.224
>
> Now, in other words, PC1 and 2 will know of each other only via ARP cache,
> and thus, will know that they are directly reachable, and thus not use any
> gateway information specified in a routing table? Well, I might be right, I
> might be wrong about this, but the question I have, is a bit more
> complicated...
>
> Say for example, I have a bunch of PCs, all on the same network, all routing
> via one machine (default gateway)... The network can possibly look
> something like this... (192.168.1.0/255.255.255.224)
>
> PC1    PC2    PC3    PC4
>   \     |      |     /
>    \    |      |    /
>    ------------------
>             |
>          GATEWAY
>
> The question is simply, how can I firewall PC1, 2, 3 and 4 from EACH OTHER,
> without subnetting them all. If I subnet it, it firstly would mean that my
> firewall machine would need hundreds of network cards (which is physically
> impossible - seeing in practice, I'm literally talking 100+ computers in
> this farm).... Secondly, data from PC1 directed to PC2 WILL NOT be routed
> by the FIREWALL machine, but will only be broadcasted back to the
> destination, because of the features and workings of UTP HUBs, and TCP/IP
> routing....
>
> So how do I get my gateway machine (firewall) to protect the entire server
> farm from the outside world (this is fairly simple, I just stick a second
> NIC in it and set the firewall up), but also have the gateway to protect the
> machines from each other INSIDE the firewall?
>
> Why do I want to do this? We plan on setting up a server farm where our
> customers will be able to rent dedicated servers from us for their own
> personal use. Due to the security involved, we need to have all the servers
> in the same server farm, as well as have firewall protection for every
> machine in the farm from each other. The firewall rules are not that
> important at the moment, because of the fact that the farm will more than
> likely all be protected by the same rules, as I stated however, the problem
> lies in the matter at which we can go about to implement these rules
> INTERNALLY between the servers in the farm.
>
> As far as I know, it is impossible to do. UTP Hubs broadcast all the
> information received on a port, to all the other ports connected to the same
> hub. Therefore, all the machines on the same hub, will receive the
> information. On the other hand, there are a few places doing things like
> this already, which means that technically, it MUST be possible...
>
> Can one way of doing this perhaps be in the configuration and layout of the
> physical network (hubs, switches, and cables), perhaps in something like the
> following scenario....
>
> SERVER   SERVER   SERVER
>   |        |        |
>  HUB      HUB      HUB
>   |        |        |
> ------------------------
>            |
>         SWITCH
>            |
>        GATEWAY
>
> Or will this scenario also allow communications to take place between the
> servers without their data being checked and firewalled by the gateway
> firewall?
>
> ANY help will greatly be appreciated, and I look forward to your replies.
>
> Regards,
> Chris Knipe
> Cell: (083) 430-8151
>
> Natural ability has more often attained to glory and virtue, than education
> without natural ability at all.
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
>
Noah
[EMAIL PROTECTED]
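The route-selection rule the whole question turns on, as an added example by the editor (not code from either poster): a Python model of the per-host longest-prefix-match lookup that decides whether PC1 ARPs for PC2 directly or hands the packet to the gateway. It uses the thread's 192.168.1.0/27 farm and assumes the gateway is 192.168.1.1 (the thread never names it). It then shows the same hosts configured with a /32 on the interface plus a host route to the gateway, an approach the thread does not raise and which is assumed here purely to illustrate when the gateway gets to see inter-server traffic.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example, not from the thread. Addresses follow the question
# (192.168.1.0/27); the gateway address .1 and the per-host /32 layout
# are assumptions for illustration.


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    gateway: Optional[ipaddress.IPv4Address]  # None = directly connected (ARP)
    dev: str


def host_table(ip: str, prefixlen: int, gateway: str, dev: str = "eth0") -> List[Route]:
    """Routing table a host ends up with after configuring ip/prefixlen on dev
    and adding a default route via gateway.  When the gateway is not inside
    the interface prefix (the /32 case) a host route to it is needed first,
    otherwise the default route would be refused as unreachable."""
    net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
    gw = ipaddress.ip_address(gateway)
    table = [Route(net, None, dev)]
    if gw not in net:
        table.append(Route(ipaddress.ip_network(f"{gw}/32"), None, dev))
    table.append(Route(ipaddress.ip_network("0.0.0.0/0"), gw, dev))
    return table


def select_route(table: List[Route], dst: str) -> Route:
    """Longest-prefix match, the rule every IP host applies."""
    d = ipaddress.ip_address(dst)
    matches = [r for r in table if d in r.prefix]
    if not matches:
        raise ValueError(f"no route to {dst}")
    return max(matches, key=lambda r: r.prefix.prefixlen)


def next_hop(table: List[Route], dst: str) -> Tuple[str, ipaddress.IPv4Address]:
    """('direct', dst) when the host resolves dst itself via ARP and the frame
    never touches the gateway; ('gateway', gw) when the frame is addressed to
    the gateway's MAC, so the gateway's forwarding rules see the packet."""
    r = select_route(table, dst)
    d = ipaddress.ip_address(dst)
    return ("direct", d) if r.gateway is None else ("gateway", r.gateway)


def bypassing_pairs(hosts: List[str], prefixlen: int, gateway: str) -> List[Tuple[str, str]]:
    """Ordered (src, dst) pairs whose traffic never reaches the gateway."""
    out = []
    for src in hosts:
        table = host_table(src, prefixlen, gateway)
        for dst in hosts:
            if src != dst and next_hop(table, dst)[0] == "direct":
                out.append((src, dst))
    return out


if __name__ == "__main__":
    farm = ["192.168.1.2", "192.168.1.3", "192.168.1.4", "192.168.1.5"]  # constructed
    gw = "192.168.1.1"  # assumed gateway address
    # Flat /27 as in the question: neighbours talk directly, the firewall never sees it.
    print("/27 pairs bypassing gateway:", len(bypassing_pairs(farm, 27, gw)))  # 12
    # Per-host /32 plus a host route to the gateway: every packet hops via the gateway.
    print("/32 pairs bypassing gateway:", len(bypassing_pairs(farm, 32, gw)))  # 0
    for r in host_table(farm[0], 32, gw):
        print(r.prefix, "via", r.gateway if r.gateway else "link", r.dev)
```

Two caveats a practitioner would want before relying on this. First, the gateway side has to cooperate: IP forwarding on, the filtering done on its forwarding path, and ICMP redirects disabled, since a router that forwards a packet back out the interface it arrived on will otherwise advertise exactly the shortcut this layout is trying to remove. Second, the lookup only decides which MAC address the IP packet is sent to; on a hub every frame still reaches every port, so a server can still sniff or forge frames on the wire, and the routing trick complements, rather than replaces, a switch that isolates ports from one another.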