[vox-tech] bridging subnets

Joel Baumert vox-tech@lists.lugod.org
Tue, 14 Jan 2003 08:18:51 -0800


The poster really doesn't have a secure network now
because there are machines unprotected on the external
Internet.  With IP chains locking down things like
Windows networking, the network security could be
enhanced over what is there now...

Joel

On Tue, Jan 14, 2003 at 12:49:25AM -0800, Jeff Newmiller wrote:
> On Mon, 13 Jan 2003, Joel Baumert wrote:
[general description of possible solution...]
> 
> The dnat idea is a good one (assuming you are running kernel 2.4), except
> that you DON'T WANT TO DO IT TO YOUR INTERNAL NETWORK.
> 
> External servers should be put into a DMZ network.  Data connectivity
> between internal network and DMZ should originate from the internal
> network only, to prevent a cracker from plowing through your network one
> system at a time.
>
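
The DMZ layout described in the quoted reply (DNAT to a DMZ host, with connections between the internal network and the DMZ originating from the internal side only), written out as an iptables ruleset. This is an added example, not part of the original thread; the interface names, the server address and the published port are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout (constructed values):
# WAN=eth0, LAN=eth1, DMZ=eth2, one web server in the DMZ at 192.168.2.10.

# Emit an iptables-restore ruleset for a three-legged firewall.
# Arguments: <wan-if> <lan-if> <dmz-if> <dmz-web-server-ip>
dmz_rules() {
    wan=$1 lan=$2 dmz=$3 web=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNAT inbound HTTP to the DMZ server, never to a host on the internal network
-A PREROUTING -i $wan -p tcp --dport 80 -j DNAT --to-destination $web:80
# Hide internal and DMZ addresses behind the firewall's external address
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# (add a rule for your own management access to the firewall before loading)
# Replies to connections that were already allowed, in any direction
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internal network may open connections to the DMZ and to the Internet
-A FORWARD -i $lan -o $dmz -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
# Internet may reach only the published service in the DMZ
-A FORWARD -i $wan -o $dmz -p tcp -d $web --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# DMZ may not open connections to the internal network: log, then drop
-A FORWARD -i $dmz -o $lan -m conntrack --ctstate NEW -j LOG --log-prefix "DMZ->LAN: "
-A FORWARD -i $dmz -o $lan -j DROP
COMMIT
EOF
}

# Syntax-check without loading (needs root):
#   dmz_rules eth0 eth1 eth2 192.168.2.10 | iptables-restore --test
```

With this policy a compromised DMZ server can answer connections the internal network opened to it, but any attempt to open a new connection inward is logged and dropped.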