On Sun, 13 Feb 11, 14:09:12, Tixy wrote:
>
> It's not like that, my server's Ethernet interface only has one,
> private, IP address.
>
> The server uses PPPoE to talk to the modem, which translates this into
> PPPoA to get to my ISP's equipment. So once my server has 'dialled' my
> ISP the ppp interface on my server ends up with my public address, which
> iptables rules can NAT, filter and forward to the private IP range.
>
> Unless I've fundamentally misunderstood networking, I can't see how
> connecting the modem to a separate NIC on the server adds any security.
>
> (I don't discount me getting something horribly wrong, this setup is
> only a few weeks old and my first foray into firewalls and routing.)
You seem to assume it is impossible for a packet to reach one of the other internal computers without taking the detour via the server (and its firewall). Maybe I'm paranoid, but I wouldn't base the security of my internal network on this assumption.

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
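The disagreement above comes down to a layer-2 fact: with the modem on the same Ethernet segment as the internal hosts, the server's iptables rules only see frames that the kernel actually routes over ppp0. Any frame the modem puts on the wire that is not PPPoE (ethertype 0x8863 or 0x8864) goes straight to whichever LAN host it is addressed to and never touches those rules. The following script is an added example, not code from either poster or from Debian; it is a check one could run over frames captured on the shared segment to see whether the modem ever emits such frames. The MAC addresses and the sample frames (including the one non-PPPoE frame from the modem) are constructed for the demonstration and are not evidence that any particular modem behaves this way.

```python
"""Flag frames from a PPPoE modem that would bypass the server's ppp0 firewall.

Assumption (constructed for this example): the modem, the firewall/server and
the internal hosts all share one Ethernet segment, as in the thread above.
"""
import struct

# Ethertypes a practitioner will meet on such a segment.
ETHERTYPE_NAMES = {
    0x0800: "IPv4",
    0x0806: "ARP",
    0x86DD: "IPv6",
    0x8863: "PPPoE Discovery",
    0x8864: "PPPoE Session",
}
# Only these two ethertypes are terminated by the server's pppd/ppp0 and
# therefore subject to its iptables rules on ppp0.
PPPOE_ETHERTYPES = {0x8863, 0x8864}

# Constructed addresses (hypothetical, not from the original post).
MODEM_MAC = "00:11:22:33:44:55"
SERVER_MAC = "aa:bb:cc:dd:ee:01"
INTERNAL_HOST_MAC = "aa:bb:cc:dd:ee:02"
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Build a raw Ethernet II frame (14-byte header + payload)."""
    return struct.pack("!6s6sH", mac_bytes(dst), mac_bytes(src), ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Parse the Ethernet II header; raises on truncated input."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src),
            "ethertype": ethertype, "payload": frame[14:]}


def bypassing_frames(frames, modem_mac: str = MODEM_MAC):
    """Return frames sent by the modem that are NOT PPPoE.

    Such frames are delivered by the switch/segment directly to their L2
    destination and never pass through ppp0, so no iptables rule on the
    server can filter them.
    """
    modem_mac = modem_mac.lower()
    return [p for p in map(parse_frame, frames)
            if p["src"] == modem_mac and p["ethertype"] not in PPPOE_ETHERTYPES]


def describe(parsed: dict) -> str:
    name = ETHERTYPE_NAMES.get(parsed["ethertype"], f"0x{parsed['ethertype']:04x}")
    return f"{parsed['src']} -> {parsed['dst']} {name} ({len(parsed['payload'])} bytes)"


# Constructed sample capture: a normal PPPoE discovery/session exchange plus
# one hypothetical plain-IPv4 frame from the modem to an internal host.
SAMPLE_FRAMES = [
    # PADI: server broadcasts looking for an access concentrator.
    build_frame(BROADCAST_MAC, SERVER_MAC, 0x8863,
                b"\x11\x09\x00\x00\x00\x04\x01\x01\x00\x00"),
    # PADO: modem answers the server. Terminated by pppd, so fine.
    build_frame(SERVER_MAC, MODEM_MAC, 0x8863,
                b"\x11\x07\x00\x00\x00\x04\x01\x01\x00\x00"),
    # PPPoE session data from the modem to the server: goes to ppp0.
    build_frame(SERVER_MAC, MODEM_MAC, 0x8864,
                b"\x11\x00\x00\x01\x00\x02\x00\x21"),
    # ARP from an internal host: not from the modem, so not our concern here.
    build_frame(BROADCAST_MAC, INTERNAL_HOST_MAC, 0x0806, b"\x00" * 28),
    # Hypothetical: modem emits plain IPv4 straight at an internal host.
    # This is the case the reply warns about; it bypasses ppp0 entirely.
    build_frame(INTERNAL_HOST_MAC, MODEM_MAC, 0x0800, b"\x45\x00" + b"\x00" * 18),
]


if __name__ == "__main__":
    for p in bypassing_frames(SAMPLE_FRAMES):
        print("bypasses ppp0 firewall:", describe(p))
```

On a live system the same check can be made without any code, by capturing on the LAN-facing interface for frames from the modem's MAC that are not PPPoE, e.g. `tcpdump -ni eth0 'ether src 00:11:22:33:44:55 and not (ether proto 0x8863 or ether proto 0x8864)'` (MAC address constructed). Anything that shows up there is traffic the server's ppp0 rules never had a chance to filter, which is exactly why a dedicated NIC (or a VLAN) for the modem is the conventional layout.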