different network firewall setup

Discussion in 'Windows Server Systems' started by Heeter, Jan 10, 2008.

  1. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    I am part of another website, and one question arose as to who uses what as a firewall.

    This particular person posted this,

    Code:
    I used to use a s/w firewall but found it was a waste of my resources! 
    
    I currently have this...
    
    Modem firewall set to DMZ to my server, other shiz is firewalled.
    
    Linksys firewall is OFF! 
    
    From there I have a P1, 64MB ram, 4 gig HDD, 
    4 1G ethernet cards running Linux Ipcop as my true network firewall...
    
    I have one subnet to the DMZ with my modem for my server...
    
    2 more with my home network using the 4th for the internet! 
    
    That said, take a stab at me, I DARE YA! hehe
    
    Overkill?
    
    Not with something running in the DMZ my friends!
    
    The more I look at this setup, the more I don't understand why this works. Has anyone ever seen this type of setup?

    Sounds like he is basically using IPCOP as a switch, but why DMZ the server?


    Heeter
     
  2. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    I normally just block all ports on the Linksys router I have (running Tomato) and only open ports as and when I need them.
     
  3. Heeter

    I am trying to figure out what is being accomplished by DMZ'ing the server.


    Heeter
     
  4. Dark Atheist

    DMZ = all ports open. Just open the ports you need and, if possible, restrict whatever you have running by IP.
     
  5. Which is precisely why it shouldn't be done!
     
  6. Dark Atheist

    Thought everyone knew what the DMZ was ;) Still, if you don't ask you don't learn, and it's all about learning, sometimes lessons learned the easy way, sometimes the hard way :p
     
  7. Heeter

    What I am asking is that I have always been told to bury the servers into the network, not leave them DMZ'ed right from the router, then shut off the router firewall.


    Heeter
     
  8. Geffy

    Geffy Moderator Folding Team

    Messages:
    7,805
    Location:
    United Kingdom
    Typically you'll want to place as much as you can behind the normal firewall. In some cases though, if you have some traffic which you just don't want to firewall, or you are running an external firewall, then you'll use a DMZ. Sometimes it's just too much hassle to have to access something else to open up a firewall port.
     
  9. X-Istence

    X-Istence * Political User

    Messages:
    6,498
    Location:
    USA
    What I think he did is this:

    Code:
    modem -> router -> linux machine

                              - another machine
                             /
    Router -> Linux machine -   - yet another machine
                             \
                              - Box used for internet
    
    So basically he could have just hooked up his cable modem to his Linux machine and it would have been basically the same.

    Also, it is completely retarded to put gigabit cards in a Pentium 1 machine, as the computer will run out of processing power before even reaching full 100 Mbit speeds, and the PCI bus that is used in such old machines can't even take advantage of the speed improvements the card offers because the bandwidth on it is too small.
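
Added example, not posted by anyone in the thread: the difference between a "DMZ host" setting and opening only the ports you need with a source-IP restriction, written as an iptables-restore ruleset for a Linux gateway such as the one discussed above. The interface names, all addresses (documentation ranges) and the two ports are assumptions for illustration.

```iptables
# Constructed layout (assumptions): eth0 = internet side, eth1 = server subnet,
# eth2 = home LAN, server at 192.168.2.10, trusted admin range 203.0.113.0/24.
#
# What a router's "DMZ host" option amounts to: every unsolicited inbound
# packet, on every port, is handed to the server. Shown commented out.
#   -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.2.10
#   -A FORWARD -i eth0 -d 192.168.2.10 -j ACCEPT

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Forward only the public service port to the server.
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.2.10:443
# Remote administration is forwarded only for the trusted source range.
-A PREROUTING -i eth0 -p tcp -s 203.0.113.0/24 --dport 22 -j DNAT --to-destination 192.168.2.10:22
# Outbound traffic from the internal subnets leaves with the gateway's address.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

*filter
# Default deny: anything not explicitly allowed below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The home LAN may manage the gateway itself.
-A INPUT -i eth2 -j ACCEPT
# Replies to connections that were already allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New inbound connections: only the forwarded ports, SSH only from the trusted range.
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.2.10 --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -s 203.0.113.0/24 -d 192.168.2.10 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Home LAN may reach the internet and the server subnet.
-A FORWARD -i eth2 -o eth0 -j ACCEPT
-A FORWARD -i eth2 -o eth1 -j ACCEPT
# The server subnet may reach the internet but never the home LAN,
# so a compromised server is not a stepping stone into eth2.
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth1 -o eth2 -j DROP
COMMIT
```

With the FORWARD policy set to DROP, the final eth1-to-eth2 rule is redundant and is kept only to make the separation between the server subnet and the home LAN explicit.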