Mailinglist Archive: opensuse-security (297 mails)
| < Previous | Next > |
Firewall with one physical and one virtual interface
- From: "Lukas Feiler" <lukas.feiler@xxxxxxxxx>
- Date: Thu, 8 Jul 2004 17:54:37 +0200
- Message-id: <000301c46503$df60b220$3d01a8c0@ROCKET>
Hi list,
I have multiple dedicated servers at a provider that does not offer a
firewall. Nor is it possible to get a second network interface for one of
the servers and configure it as a firewall. I was therefore thinking of
reconfiguring one of the servers as a firewall with a physical interface to
the outside world and a virtual interface to the inside. The internal
interface of the firewall and all servers would be assigned a private IP
address. The firewall would perform DNAT for the servers.
What are your security concerns about this setup?
Note: I really need a firewall for the servers because they are running
Win2K & Win2K3.
The setup is like this:
#
#
# eth0 (public IP)
####################
# #
# FIREWALL #
# (performs DNAT) #
####################
# eth0:0 (private IP)
#
## ##
(private IP)# # (private IP)
########## ##########
# # # #
# SRV1 # # SRV2 #
# # # #
########## ##########
thanx,
Lukas
I have multiple dedicated servers at a provider that does not offer a
firewall. Nor is it possible to get a second network interface for one of
the servers and configure it as a firewall. I was therefore thinking of
reconfiguring one of the servers as a firewall with a physical interface to
the outside world and a virtual interface to the inside. The internal
interface of the firewall and all servers would be assigned a private IP
address. The firewall would perform DNAT for the servers.
What are your security concerns about this setup?
Note: I really need a firewall for the servers because they are running
Win2K & Win2K3.
The setup is like this:
#
#
# eth0 (public IP)
####################
# #
# FIREWALL #
# (performs DNAT) #
####################
# eth0:0 (private IP)
#
## ##
(private IP)# # (private IP)
########## ##########
# # # #
# SRV1 # # SRV2 #
# # # #
########## ##########
thanx,
Lukas
| < Previous | Next > |