[ale] Networking (thinking out loud)
hne at hopnet.net
Sat Jan 26 01:35:13 EST 2002
I'm setting up new server machine, and I can't decide how to do the routing....
What I have is boxA (cable modem), boxB (firewall, DynIP to internet), boxC ("secure" server), boxX (multiple clients & internal only server)
boxB is a SuSE filewall with masqarading (NAT).
boxC is HP Secure OS for Linux, hosting web, dns, ftp, sshd, squid, smtp & imap services.
The two setups I'm thinking about are:
I want to isolate boxX as much as possible from the internet (boxA), but still have available services like Instant Messengers and outbound VPN clients. I also don't want to get too complex with the iptables.
If I use setup1, that gives more isolation, but then I have to proxy or passthrough IM & VPN on boxC, and I'm not sure the best way to accomplish that. If I just do a passthrough, how much am I opening up boxX to the world? Can I move the NAT from boxB to boxC?
Setup2 seems much simpler to setup and maintain (K.I.S.S.). But that kind of defeats the purpose of playing with all this :-)
Any ideas on how to go with setup1?
Lost in Tokyo,
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale