different network firewall setup

Heeter

Overclocked Like A Mother
Joined
8 Jul 2002
Messages
2,732
I am part of another website, and one question arose as to who uses what as a firewall.

This particular person posted this,

Code:
I used to use a s/w firewall but found it was a waste of my resources! 

I currently have this...

Modem firewall set to DMZ to my server, other shiz is firewalled.

Linksys firewall is OFF! 

From there I have a P1, 64MB ram, 4 gig HDD, 
4 1G ethernet cards running Linux Ipcop as my true network firewall...

I have one subnet to the DMZ with my modem for my server...

2 more with my home network using the 4th for the internet! 

That said, take a stab at me, I DARE YA! hehe

Overkill?

Not with something running in the DMZ my friends!

The more I look at this setup, the more I don't understand why this works. Has anyone ever seen this type of setup?

Sounds like he is basically using IPCOP as a switch, but why DMZ the server?


Heeter
 

Dark Atheist

OSNN Veteran Addict
Political Access
Joined
8 Apr 2003
Messages
6,376
I normally just block all ports on the Linksys router I have (running Tomato) and only open ports as and when I need them.
 

Heeter

Overclocked Like A Mother
Joined
8 Jul 2002
Messages
2,732
I am trying to figure out what is being accomplished by DMZ'ing the server.


Heeter
 

Dark Atheist

OSNN Veteran Addict
Political Access
Joined
8 Apr 2003
Messages
6,376
DMZ = all ports open; just open the ports you need and, if possible, restrict whatever you have running by IP.
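
The difference between "DMZ = all ports open" and "open the ports you need, restricted by IP", written out as rulesets for a Linux iptables firewall. This is an added example, not part of any post in this thread; the interface names, addresses and ports are assumed sample values, and the script only prints rules in iptables-restore format without applying anything.

```shell
#!/bin/sh
# Prints iptables-restore rulesets only; nothing is applied to the system.
# Interface names and addresses below are assumed sample values.
WAN_IF=eth0          # side facing the modem
DMZ_IF=eth1          # side facing the server subnet
SERVER=192.168.2.10  # the server

# Weak: what a "DMZ host" setting amounts to. Every inbound port on the
# WAN side is forwarded to the server and nothing is filtered.
dmz_host_rules() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]'
    printf -- '-A PREROUTING -i %s -j DNAT --to-destination %s\n' "$WAN_IF" "$SERVER"
    printf '%s\n' 'COMMIT' '*filter' ':FORWARD ACCEPT [0:0]' 'COMMIT'
}

# Restricted: forward only the listed TCP ports, only from one source range,
# and drop everything else that tries to cross the firewall.
# Usage: forward_rules SRC_CIDR PORT [PORT...]
forward_rules() {
    src=$1; shift
    nat=''; fwd=''
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
        nat="${nat}-A PREROUTING -i $WAN_IF -s $src -p tcp --dport $port -j DNAT --to-destination $SERVER:$port
"
        fwd="${fwd}-A FORWARD -i $WAN_IF -o $DMZ_IF -s $src -d $SERVER -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]'
    printf '%s' "$nat"
    printf '%s\n' 'COMMIT' '*filter' ':FORWARD DROP [0:0]'
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s' "$fwd"
    printf '%s\n' 'COMMIT'
}

# Constructed sample: SSH and HTTPS, reachable only from 203.0.113.0/24.
forward_rules 203.0.113.0/24 22 443
```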
 

Dark Atheist

OSNN Veteran Addict
Political Access
Joined
8 Apr 2003
Messages
6,376
Thought everyone knew what the DMZ was ;) Still, if you don't ask you don't learn, and it's all about learning: sometimes lessons learned the easy way, sometimes the hard way :p
 

Heeter

Overclocked Like A Mother
Joined
8 Jul 2002
Messages
2,732
What I am asking is this: I have always been told to bury the servers in the network, not leave them DMZ'ed right from the router and then shut off the router firewall.


Heeter
 

Geffy

OSNN Veteran Addict
Joined
18 Mar 2002
Messages
7,805
Typically you'll want to place as much as you can behind the normal firewall. In some cases though, if you have some traffic which you just don't want to firewall, or you are running an external firewall, then you'll use a DMZ. Sometimes it's just too much hassle to have to access something else to open up a firewall port.
 

X-Istence

*
Political Access
Joined
5 Dec 2001
Messages
6,498
What I think he did is this:

Code:
modem -> router -> linux machine

                          - another machine
                         /
Router -> Linux machine -  - yet another machine
                         \
                          - Box used for internet

So basically he could have just hooked up his cable modem to his Linux machine and it would have been basically the same.

Also, it is completely retarded to put gigabit cards in a Pentium 1 machine, as the computer will run out of processing power before even reaching full 100 Mbit speeds, and the PCI bus that is used in such old machines can't even take advantage of the speed improvements the card offers because the bandwidth on it is too small.
 
