Date: 23 Oct 2002 20:08:40 -0700
From: swear@attbi.com (Gary W. Swearingen)
To: "Derrick Ryalls" <ryallsd@datasphereweb.com>
Cc: <freebsd-questions@FreeBSD.ORG>
Subject: Re: Linux vs. FreeBSD
Message-ID: <l4adl4y1mv.dl4@localhost.localdomain>
In-Reply-To: <006101c27ad1$2b410470$0200a8c0@bartxp>
References: <006101c27ad1$2b410470$0200a8c0@bartxp>

"Derrick Ryalls" <ryallsd@datasphereweb.com> writes:

> I have an associate who will be making major changes to their network
> and want my help/advice.  He intends to have a something like this:
>
>                                    ----Web server (Public IP)
> inet ----- router( Public IP) --- /
>                                   \____DMZ (Private IPs)
>
>
> The DMZ will house his mail, misc. servers and workstations.

I'm no networking expert, but that doesn't sound like a DMZ to me.
Sounds like your "private" network.  Except I'm not sure how private
it is on the same network as the Web server.

I was told to use:

                              /---------DMZ (with public services)
                              |
    inet --- (router+filter) [with three NICs]
                              |
                              \---------PrivateZone (with private services)

If someone cracks one of your buggy public servers, they're still
"outside" the firewall.

The router+filter is easily handled by a 486/66 at 10Mbps; I don't
know about 100.  Any Unixy OS should do the job OK in all but a few
cases, though different people have favorites for different reasons
which I'm not able or willing to delve into.  All have good, stateful
filters available.  They probably all have ways of booting the
router/filter's software off a floppy or CDROM (picoBSD, for FreeBSD).
I suppose familiarity is the most important factor.
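
The three-NIC layout from the reply above, written out as a stateful filter policy. This is an added example, not part of the original message: pf is one choice of filter (the message names none), and the interface names, addresses and published services are assumptions.

```pf
# pf.conf sketch for a router+filter with three NICs (constructed example).
ext_if   = "em0"             # assumed: link to the Internet
dmz_if   = "em1"             # assumed: DMZ with public services
int_if   = "em2"             # assumed: private zone

dmz_net  = "192.0.2.0/28"    # documentation range standing in for public IPs
int_net  = "10.0.0.0/24"     # assumed private addressing
web_srv  = "192.0.2.2"       # assumed DMZ web server
mail_srv = "192.0.2.3"       # assumed DMZ mail server

set skip on lo0
scrub in all

# Private hosts share the router's outside address when going out.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# Default deny; policy is enforced where a packet enters the router.
block log all
pass out all                 # egress follows whatever ingress allowed
antispoof quick for { $dmz_if, $int_if } inet

# The point of the layout: nothing that enters from the DMZ may open a
# connection into the private zone, even from a compromised server.
block in log quick on $dmz_if inet from any to $int_net

# Internet -> DMZ: only the published services.
pass in on $ext_if inet proto tcp from any to $web_srv  port { 80, 443 }
pass in on $ext_if inet proto tcp from any to $mail_srv port 25

# Nothing is passed from the Internet to $int_net, so the private zone is
# reachable only as replies to connections it opened itself (stateful).

# Private zone -> DMZ and Internet.
pass in on $int_if inet from $int_net to any

# DMZ -> Internet: only what the servers need to originate.
pass in on $dmz_if inet proto { tcp, udp } from $dmz_net to any port 53
pass in on $dmz_if inet proto tcp from $mail_srv to any port 25
```

The `block in log quick on $dmz_if` rule is what keeps a cracked public server "outside": its logged hits are also a useful signal that a DMZ host is probing inward.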