
Re: network question - is this unusual?

Mikkel L. Ellertson wrote:
> Gerhard Magnus wrote:
>> I recently had to deal with my ISP about a connectivity problem that
>> turned out to be on their end. (The tech referred to linux as lie-nux
>> and insisted on doing everything in XP which I fortunately had
>> dual-booted.) But in the process of working through this it was
>> necessary for me to describe the way I'd set up my LAN here and he
>> seemed incredulous. This wouldn't bother me except that I've gotten this
>> reaction before from people in the outside world but never an
>> explanation. So I'm asking: is there something weird about this
>> structure? Is there some "better" or more standard setup?
>>
>> The Actiontec DSL modem provided by Quest plugs into the phone
>> jack. The Actiontec is an older model with only one ethernet plug. Since
>> I have four boxes, two of which are dual booting Fedora and XP, I have
>> an ethernet cable connecting the modem to the DSL plug of a Linksys
>> router. I then have separate cables connecting the four outlets on the
>> router to each of the four boxes. (I did all this cabling at a time
>> before wireless routing was as available and cheap as it is today.)
>>
>> Each of the six operating systems (4 linux and 2 XP) has a static IP
>> address and each has a firewall. I have NFS running on the linux
>> systems. There's another firewall on the router, which is currently
>> port-forwarding only ssh and torrent data from the outside world.
>>
>> I thought I'd check this out before going further....
>
> Unusual was my first DSL setup, many years ago. My ISP even let you
> run servers and provided DNS service if you had your own domain
> name. I had a P-75 running as a combination of firewall, web server,
> and relaying mail server. It also did NAT.
>
> I would not consider such a setup secure nowadays, but the risk at
> the time was acceptable.

I have mixed feelings on that. I think if you don't run a formal DMZ:

                         |          |
                       http       smtp
                        svr        svr

you are better with the web and mail servers on the firewall than inside it, where if the server gets compromised it looks like a trusted internal machine.

You can argue that either way, as well as debating if the servers are more or less secure in virtual machines.

Bill Davidsen <davidsen tmr com>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot
