Hi...
Having a router and plugging 100+ computers directly into the router without
a HUB is NOT going to work :)
This will basically bring me back to having a server with like hundreds of
NICs in them, which is physically impossible... But ta for the info...
Regards,
Chris Knipe
Cell: (083) 430-8151
Natural ability has more often attained to glory and virtue, than education
without natural ability at all.
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: Chris Knipe <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, August 05, 2000 10:44 AM
Subject: Re: Forced Routing?
> I begin to think that maybe instead of a hub you should have a router for
> your network and have all the servers plugged into it and restrict it from
> forwarding packets from one machine to the other. Now I am not very
> knowledgeable in this so I guess the gurus here can say more on this
> issue.
> On Sat, 5 Aug 2000, Chris Knipe wrote:
>
> > Date: Sat, 05 Aug 2000 07:04:10 +0200
> > From: Chris Knipe <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: Forced Routing?
> >
> > Hi...
> >
> > I just have a simple question quickly.... (or I hope it will be)...
> >
> > Technically, as I understand it, specifying a default gateway (or a gateway
> > at all) for TCP/IP routing information is irrelevant *IF* the IP addresses
> > are located on the same subnet?? Simple scenario...
> >
> > PC1 <-----> PC2
> >
> > Both are on the same network, 192.168.1.0/255.255.255.224
> >
> > Now, in other words, PC1 and 2 will know of each other only via ARP cache,
> > and thus, will know that they are directly reachable, and thus not use any
> > gateway information specified in a routing table? Well, I might be right, I
> > might be wrong about this, but the question I have, is a bit more
> > complicated...
> >
> > Say for example, I have a bunch of PCs, all on the same network, all routing
> > via one machine (default gateway)... The network can possibly look
> > something like this... (192.168.1.0/255.255.255.224)
> >
> >   PC1    PC2  PC3    PC4
> >     \     |    |     /
> >      \    |    |    /
> >     ------------------
> >             |
> >          GATEWAY
> >
> > The question is simply, how can I firewall PC1, 2, 3 and 4 from EACH OTHER,
> > without subnetting them all. If I subnet it, it firstly would mean that my
> > firewall machine would need hundreds of network cards (which is physically
> > impossible - seeing in practice, I'm literally talking 100+ computers in
> > this farm).... Secondly, data from PC1 directed to PC2 WILL NOT be routed
> > by the FIREWALL machine, but will only be broadcasted back to the
> > destination, because of the features and workings of UTP HUBs, and TCP/IP
> > routing....
> >
> > So how do I get my gateway machine (firewall) to protect the entire server
> > farm from the outside world (this is fairly simple, I just stick a second
> > NIC in it and set the firewall up), but also have the gateway to protect the
> > machines from each other INSIDE the firewall?
> >
> > Why do I want to do this? We plan on setting up a server farm where our
> > customers will be able to rent dedicated servers from us for their own
> > personal use. Due to the security involved, we need to have all the servers
> > in the same server farm, as well as have firewall protection for every
> > machine in the farm from each other. The firewall rules are not that
> > important at the moment, because of the fact that the farm will more than
> > likely all be protected by the same rules, as I stated however, the problem
> > lies in the matter at which we can go about to implement these rules
> > INTERNALLY between the servers in the farm.
> >
> > As far as I know, it is impossible to do. UTP Hubs broadcast all the
> > information received on a port, to all the other ports connected to the same
> > hub. Therefore, all the machines on the same hub, will receive the
> > information. On the other hand, there are a few places doing things like
> > this already, which means that technically, it MUST be possible...
> >
> > Can one way of doing this perhaps be in the configuration and layout of the
> > physical network (hubs, switches, and cables), perhaps in something like the
> > following scenario....
> >
> >  SERVER  SERVER  SERVER
> >    |       |       |
> >   HUB     HUB     HUB
> >    |       |       |
> >  ------------------------
> >            |
> >         SWITCH
> >            |
> >         GATEWAY
> >
> > Or will this scenario also allow communications to take place between the
> > servers without their data being checked and firewalled by the gateway
> > firewall?
> >
> > ANY help will greatly be appreciated, and I look forward to your replies.
> >
> > Regards,
> > Chris Knipe
> > Cell: (083) 430-8151
> >
> > Natural ability has more often attained to glory and virtue, than education
> > without natural ability at all.
> >
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-net" in
> > the body of a message to [EMAIL PROTECTED]
> >
>
> Noah
> [EMAIL PROTECTED]
>
>
>
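Added example (not part of the original messages): the sending host's forwarding decision that the question turns on, modelled as a longest-prefix-match lookup over the thread's 192.168.1.0/255.255.255.224 network, to show which flows a gateway firewall never sees. The gateway address, host addresses and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed addressing for the thread's 192.168.1.0/255.255.255.224 network.
FARM = ipaddress.ip_network("192.168.1.0/255.255.255.224")   # a /27: .0 - .31
GATEWAY = ipaddress.ip_address("192.168.1.1")                # assumed firewall address

# A host's routing table as (destination network, next hop); None = on-link.
HOST_ROUTES = [
    (FARM, None),
    (ipaddress.ip_network("0.0.0.0/0"), GATEWAY),
]

def next_hop(dst, routes=HOST_ROUTES):
    """Longest-prefix match: return the gateway IP, or None for direct (ARP) delivery."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        raise LookupError(f"no route to {dst}")
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop

def crosses_firewall(dst, routes=HOST_ROUTES):
    """True only if the sender hands the packet to the gateway/firewall."""
    return next_hop(dst, routes) == GATEWAY

def audit(flows, routes=HOST_ROUTES):
    """Return the flows the gateway firewall never sees (same-segment traffic)."""
    return [(src, dst) for src, dst in flows if not crosses_firewall(dst, routes)]

# Constructed sample flows between rented servers and outside hosts.
FLOWS = [
    ("192.168.1.2", "192.168.1.3"),    # PC1 -> PC2, same /27
    ("192.168.1.2", "192.168.1.40"),   # outside the /27 (.0 - .31), so routed
    ("192.168.1.2", "203.0.113.10"),   # off-site (documentation range)
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        path = "via gateway" if crosses_firewall(dst) else "direct on the wire"
        print(f"{src} -> {dst}: {path}")
    print("unfiltered by gateway:", audit(FLOWS))
```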