[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ipchains
Subject:    RE: [ipchains] ipchains network design
From:       Gordon Smith <Gordon () hortauto ! co ! nz>
Date:       1998-10-29 20:54:08
[Download RAW message or body]

	With a setup like that having public  IP addresses on your
internal network is unneccessary.
	I would set up:

	ROUTER ---------- Firewall --------- LAN
	                  |
	                  |
	                DMZ

	where your router has a public IP address and static routes to
your web, ftp, etc. servers in the DMZ, and the firewall
	does masquerading, filtering and accounting. The firewall -
router segment would be on a separate subnet from the rest of
	the network.
	BTW, I would also use access lists at the router. 

	Hope thats some help,
	Gordon


==========================================================================
To unsubscribe send email to: majordomo@wantree.com.au with
'unsubscribe ipchains <email address>' in the message body.
(replace <email address> with your email address :)
==========================================================================

[prev in list] [next in list] [prev in thread] [next in thread]