At a quick glance looks ok as long as firewall on public side of web server doesn't allow ftp thru as you say. Effectively for a DMZ you want a firewall in front of and behind the publicly accessible machine.

fil

Amanda Wynne wrote:
Yes !

I did some more searching on the web today, and figured that's pretty well what DMZ means.

Now, I should be able to set up Apache on a machine in the DMZ, serving up web pages to the Internet. And an FTP server on this same machine accessible only from the internal Lan to update those pages. Yes? With only one network card?

So, it looks kinda like this.....

Lan 192.168.0.x (2 workstations, file server, laptop, laser printer)

Freesco bridge eth0 192.168.0.1 eth1 192.168.1.3

DMZ with Alcatel pro at 192.168.1.1 to TPG static IP ADSL
               Apache web server at 192.168.1.2
               FTP server at 192.168.1.2

Sorry if I'm boring people with this, I'm just trying to get it straight in my own head where I'm going with this.

Amanda


On Monday 02 Jun 2003 10:30 am, Phil Scarratt wrote:


It's effectively - in security speak - a DMZ (demilitarized zone) no?

Fil

Minh Van Le wrote:

Correct me if I'm wrong, but having two firewalls is better than one.

One for the DSL modem that is exposed to the internet, and then a
separate firewall for the internal lan that is only exposed to the DSL
firewall is better than firewalling everything from 1 box. It may delay a
compromise and make tracking logs easier.


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Chris D.
Sent: Sunday, 1 June 2003 19:10
To: [EMAIL PROTECTED]
Subject: Re: [SLUG] home server on adsl; advice

This one time, at band camp, Amanda Wynne wrote:

I'm looking at getting an Alcatel Pro. Currently running a P120 with Freesco via dialup.

I'd recommend the DSL-300 from D-Link. There it maintains the authentication and you just plug in a cat5 crossover to your system. On the system it's connected to, you just use dhcp to configure the IP address on it.


What I'm thinking of doing, if it's possible (this was going to be my next question) is change the Freesco box to bridge mode, feeding the alcatel, with my web server (yet another box) hanging off the alcatel. That way my Lan is effectively double-firewalled.

'double-firewalled' is really not going to mean much.


I refuse to say free-->SCO<-- is a good idea.

Cheers,
Chris
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug




--
Phil Scarratt
Draxsen Technologies
IT Contractor/Consultant
0403 53 12 71
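
The layout discussed in this thread, as an added example that is not part of any poster's message: a small Python model of the two filtering points (the public-side router and the Freesco box) that checks which new connections get through. The addresses come from the thread; the rule sets, the function names and the 203.0.113.9 Internet address are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Addresses are the ones given in the thread.
LAN = ip_network("192.168.0.0/24")
DMZ = ip_network("192.168.1.0/24")
WEB = ip_network("192.168.1.2/32")   # Apache and FTP on one host
ANY = ip_network("0.0.0.0/0")

# Assumed rule sets: (source net, destination net, TCP port) that may open a
# new connection. Anything not listed is dropped. Destinations are post-NAT.
OUTER = [(ANY, WEB, 80), (LAN, ANY, 80)]   # public side of the web server
INNER = [(LAN, WEB, 21), (LAN, ANY, 80)]   # Freesco box, LAN side

def permits(rules, src, dst, port):
    """True if any rule in the list matches this new connection."""
    return any(src in s and dst in d and port == p for s, d, p in rules)

def zone(ip):
    return "lan" if ip in LAN else "dmz" if ip in DMZ else "wan"

def allowed(src, dst, port, outer=OUTER, inner=INNER):
    """True if a new TCP connection src -> dst:port passes every firewall on its path."""
    src, dst = ip_address(src), ip_address(dst)
    zones = {zone(src), zone(dst)}
    if len(zones) == 1:
        return True                      # same segment, no firewall crossed
    hops = []
    if "lan" in zones:
        hops.append(inner)               # LAN traffic always crosses Freesco
    if "wan" in zones:
        hops.append(outer)               # Internet traffic always crosses the router
    return all(permits(r, src, dst, port) for r in hops)

def exposed_to_internet(outer=OUTER, ports=(21, 22, 80)):
    """Ports on the web server reachable from a constructed Internet address."""
    return [p for p in ports if allowed("203.0.113.9", "192.168.1.2", p, outer=outer)]

if __name__ == "__main__":
    print("Internet -> web server:", exposed_to_internet())
    print("LAN -> FTP:", allowed("192.168.0.10", "192.168.1.2", 21))
    print("DMZ -> LAN:", allowed("192.168.1.2", "192.168.0.10", 21))
```

Passing a different `outer` list to `exposed_to_internet` shows what a single extra forwarding rule on the public side does to the web server's exposure.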