Re: Network Design

2000-10-06 Thread Matt Lupfer
t: Friday, October 06, 2000 9:39 PM Subject: Re: Network Design > Hi Warren, > > > We also added something else that you might or might not want to do > > We have the true mail server in the 10.0.1.x area. The one in the > 12.14.x.y > > Area gets the mail from the outsi

Re: Network Design

2000-10-06 Thread Peter Kiem
Hi Warren, > We also added something else that you might or might not want to do > We have the true mail server in the 10.0.1.x area. The one in the 12.14.x.y > Area gets the mail from the outside then passes it on to the main mail > server. I was just wondering as to why you actually did this?

Re: Network Design

2000-10-04 Thread Jason Costomiris
On Wed, Oct 04, 2000 at 08:58:16AM -0500, Bill Carlson wrote: : I've run a two firewall setup, it was no more troublesome than a single : setup. The advantage is that an attacker would have to crack two boxes to : get to the private LAN as opposed to one. In this case it would be three! : : My ex

Re: Network Design

2000-10-04 Thread Gordon Messmer
On Wed, 4 Oct 2000, Bill Carlson wrote: > I've run a two firewall setup, it was no more troublesome than a single > setup. The advantage is that an attacker would have to crack two boxes to > get to the private LAN as opposed to one. In this case it would be three! For most protocols, two firewa

RE: Network Design

2000-10-04 Thread Scott
--- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Warren Melnick > Sent: Wednesday, October 04, 2000 8:14 AM > To: '[EMAIL PROTECTED]' > Subject: RE: Network Design > > > I have to agree with Gordon here. I have set up this exact design at a > f

Re: Network Design

2000-10-04 Thread Bill Carlson
On Tue, 3 Oct 2000, Gordon Messmer wrote: > On Tue, 3 Oct 2000, Jason Costomiris wrote: > > > don't care about the extra i/f's. Does IPchains not like that? > > ipchains is fine with multiple interfaces, you can specify rules by > interface or network address. The two firewall approach is pro

RE: Network Design

2000-10-04 Thread Warren Melnick
od Luck! Warren -Original Message- From: Gordon Messmer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 03, 2000 8:09 PM To: [EMAIL PROTECTED] Subject: Re: Network Design You might save yourself a lot of money if you set up your front firewall with three interfaces instead of two. You're

Re: Network Design

2000-10-03 Thread Gordon Messmer
On Tue, 3 Oct 2000, Jason Costomiris wrote: > don't care about the extra i/f's. Does IPchains not like that? ipchains is fine with multiple interfaces, you can specify rules by interface or network address. The two firewall approach is probably over the top, and potentially more troublesome.

Re: Network Design

2000-10-03 Thread Gordon Messmer
You might save yourself a lot of money if you set up your front firewall with three interfaces instead of two. You're also less likely to have problems with weird applications going through one firewall than two. Internet | |

Re: Network Design

2000-10-03 Thread tcurl
Try seawall it allows DMZ (3rdNIC). Put www,smtp, whatever in the DMZ Jason Costomiris <[EMAIL PROTECTED]>@redhat.com on 10/03/2000 07:58:13 PM Please respond to [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: Re: Network Design On Tue,

Re: Network Design

2000-10-03 Thread Jason Costomiris
On Tue, Oct 03, 2000 at 11:37:51PM +0200, Tobias Roppelt wrote: : Internet : | : Router : | : eth0 : Firewall1 : eth1 : | : ---hub- : |

Re: Network Design

2000-10-03 Thread Tobias Roppelt
On Tue, 3 Oct 2000, Scott wrote: Internet | Router | eth0 Firewall1 eth1 | ---hub- | | | eth0eth0