[NTLUG:Discuss] Router Needed?
terry
kj5zr at yahoo.com
Tue Jul 6 21:34:38 CDT 2004
terry wrote:
> Burton M. Strauss III wrote:
>
>> Well, no, that's not quite right.
>>
>> 1) To make that work, your 'firewall-2' has to proactively prevent guests
>> from accessing the internal network. Violates the principle of
>> permit-nothing.
>>
>> 2) Who provides NAT and DHCP server. As your diagram stands, with a simple
>> hub, there's no way to separate out the systems except by MAC address,
>> which is an admin nightmare.
>>
>> Also, the key was to completely isolate his 'guests' with their virus laden
>> POC systems - putting them outside the firewall is the best way to do it.
>> So if you have the equipment:
>>
>> DHCP
>> |
>> <Internet>-----<firewall>-----<HUB>-----<firewall-2>---internal network
>> | (192.168.1.x)
>> <firewall-3>
>> |
>> |----DHCP
>> |
>> <guest network>
>> (192.168.2.x)
>>
I was looking at the wrong diagram when I made the comment below, but I think
you know what I meant. It's firewall-2 that's not necessary because the
gateway of firewall-3 (in this case) is firewall-1. It wouldn't hurt to
have the third firewall tho, just not all that necessary.
>
> firewall-3 is not necessary if firewall-2 blocks 192.168.2.x from
> 192.168.1.x
>
--
but test everything; hold fast what is good,
1 Thessalonians 5:21
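
Added example, not part of the original thread: a simplified, stateless first-match model of firewall-2 that compares the rule "block 192.168.2.x from 192.168.1.x" with a permit-nothing default. The interface names `hub` and `lan`, the hub-side address 10.0.0.3 and all sample packets are constructed assumptions; return traffic is assumed to be handled by connection tracking and is not modelled.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # internal network (from the thread)
GUEST = ipaddress.ip_network("192.168.2.0/24")     # guest network (from the thread)
ANY = ipaddress.ip_network("0.0.0.0/0")

# A policy is (ordered rules, default action); a rule is (in_iface, src, dst, action).
# "hub" and "lan" are hypothetical names for firewall-2's two interfaces.
BLOCK_GUESTS = ([("hub", GUEST, INTERNAL, "DROP")], "ACCEPT")   # deny-list
PERMIT_NOTHING = ([("lan", INTERNAL, ANY, "ACCEPT")], "DROP")   # default deny

def decide(policy, in_iface, src, dst):
    """First matching rule wins; otherwise the policy default applies."""
    rules, default = policy
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for iface, src_net, dst_net, action in rules:
        if iface == in_iface and s in src_net and d in dst_net:
            return action
    return default

# Constructed packets: (description, in_iface, source, destination).
SAMPLES = [
    ("guest address seen directly on the hub", "hub", "192.168.2.50", "192.168.1.10"),
    ("guest NATed to firewall-3's hub address", "hub", "10.0.0.3", "192.168.1.10"),
    ("hub host with an unexpected static address", "hub", "192.168.3.7", "192.168.1.10"),
    ("internal host going out", "lan", "192.168.1.10", "203.0.113.5"),
]

def compare():
    """Return (description, deny-list verdict, default-deny verdict) per sample."""
    return [(desc, decide(BLOCK_GUESTS, i, s, d), decide(PERMIT_NOTHING, i, s, d))
            for desc, i, s, d in SAMPLES]

if __name__ == "__main__":
    for desc, weak, strict in compare():
        print(f"{desc:45} deny-list={weak:6} permit-nothing={strict}")
```

The deny-list only drops traffic whose source is literally in 192.168.2.x, so anything arriving from the hub side with a different source address falls through to its default of ACCEPT, while the permit-nothing policy drops all of it.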