Mailinglist Archive: opensuse-security (685 mails)

< Previous Next >
RE: [suse-security] RFC: Network Setup
  • From: "Stefan Nauber" <nauber@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 5 Feb 2002 10:04:30 +0100
  • Message-id: <001301c1ae24$1fef32b0$0c01a8c0@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Hello Markus,

thanks for your answer. I think there is a little missunderstanding.

I thought of the following basic setup:

LAN <->PROXY<->DMZ<->FIREWALL<->INTERNET
^->MAILSERVER

The DMZ is an IP-Network with 3 computers attached: Proxy, Firewall and
Mailserver.

The router between DMZ and Internet is the firewall. Between the LAN and the
DMZ there is the proxy.
My idea was to give each computer another network interface and connect them
to an IP network, the administrative net.

What I understood you thought about was a firewall with Interfaces to the
LAN, to the Internet and to the DMZ acting as one router between them all.
Proxy and Mailserver as to computers in the DMZ offering services.

Of course you are right saying that each link imposes another risk - but how
would you weigh it against the benefit of separating productive and
administrative traffic.

Greetings,
Stefan


< Previous Next >
References