[ale] Networking (thinking out loud)

Keith Hopkins hne at hopnet.net
Sat Jan 26 01:35:13 EST 2002


Hi all,

  I'm setting up a new server machine, and I can't decide how to do the routing....

  What I have is boxA (cable modem), boxB (firewall, DynIP to internet), boxC ("secure" server), boxX (multiple clients & internal only server)

boxB is a SuSE firewall with masquerading (NAT).
boxC is HP Secure OS for Linux, hosting web, dns, ftp, sshd, squid, smtp & imap services.

The two setups I'm thinking about are:

setup1) boxA--boxB--boxC--boxX
or
setup2) boxA--boxB--hub--<boxC
                         <boxX

  I want to isolate boxX as much as possible from the internet (boxA), but still have available services like Instant Messengers and outbound VPN clients.  I also don't want to get too complex with the iptables.

  If I use setup1, that gives more isolation, but then I have to proxy or passthrough IM & VPN on boxC, and I'm not sure the best way to accomplish that.  If I just do a passthrough, how much am I opening up boxX to the world?  Can I move the NAT from boxB to boxC?

  Setup2 seems much simpler to set up and maintain (K.I.S.S.).  But that kind of defeats the purpose of playing with all this :-)

  Any ideas on how to go with setup1?

Lost in Tokyo,
  Keith


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.




