[NTLUG:Discuss] Router Needed? -- multiple NAT devices not good (_avoid_ if possible)

terry kj5zr at yahoo.com
Thu Jul 8 09:31:04 CDT 2004 

Ralph Green, Jr wrote:
> Howdy,
>   I am a satisfied IPCOP user.  I have never set up an orange zone in
> IPCOP, but I did set one up for a friend using Smoothwall(from which
> IPCOP forked).  There must be some subtlety to your answer that I am

IPCOP forked?  Could you elaborate on that?
Did IPCOP crash?  Or DIE?
If so, what happened?
Hardware failure?  Software failure? or what?
IPCOP v1.3.0 ?
all 9 updates?


> missing, because the whole purpose of the orange zone is to isolate
> those machines that do need to receive connections from the red zone. 
> The orange zone usually contains web server or mail servers that the
> outside world must be able to reach.  Now, the red zone cannot initiate
> contact to your green zone.  Am I missing something, or did you mean to

"the red zone cannot initiate contact to your green zone."
I'm not understanding that part either.
(red zone = internet  green zone = LAN) Right?
So what are you saying about initiating contact from red to green zones?

> say green?

I think what he's saying is making it sort-of like:
red green-1 green-2
instead of the conventional
red green orange

In other words, not using the orange interface for servers but just 
using it to isolate visitor LAN from office LAN, therefore allowing 
visitor LAN access to internet and nothing more. ie.
green = office LAN
orange = visitor LAN

(I don't know if it'd work but makes sense to me.) (Don't see why not.)

> Good day,
> Ralph
> 
> On Wed, 2004-07-07 at 13:49, Bryan J. Smith wrote:
> 
> 
>>- "Just the easiest answer"
>>
>>Install IPCop 1.3 ( http://www.ipcop.org ) and make it your firewall.
>>Turn the 3rd zone, ORANGE (DMZ) into the zone for your conference room.
>>By default, nothing can get into ORANGE (DMZ) from RED (Internet), and
>>the ORANGE (DMZ) cannot access GREEN (LAN).
> 
> 
> 
> 
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
> 


-- 
but test everything; hold fast what is good,
1 Thessalonians 5:21

More information about the Discuss mailing list