different network firewall setup

Heeter

I am part of another website, and one question arose as to who uses what as a firewall.

This particular person posted this,

Code:
I used to use a s/w firewall but found it was a waste of my resources! 

I currently have this...

Modem firewall set to DMZ to my server, other shiz is firewalled.

Linksys firewall is OFF! 

From there I have a P1, 64MB ram, 4 gig HDD, 
4 1G ethernet cards running Linux Ipcop as my true network firewall...

I have one subnet to the DMZ with my modem for my server...

2 more with my home network using the 4th for the internet! 

That said, take a stab at me, I DARE YA! hehe

Overkill?

Not with something running in the DMZ my friends!
The more I look at this setup, the more I don't understand why this works. Has anyone ever seen this type of setup?

Sounds like he is basically using IPCOP as a switch, but why DMZ the server?


Heeter
 
I normally just block all ports on the Linksys router I have (running Tomato) and only open ports as and when I need them.
 
I am trying to figure out what is being accomplished by DMZ'ing the server.


Heeter
 
DMZ = all ports open. Just open the ports you need and, if possible, restrict whatever you have running by IP.
 
Thought everyone knew what the DMZ was ;) Still, if you don't ask you don't learn, and it's all about learning; sometimes lessons are learned the easy way, sometimes the hard way :p
 
What I am asking is this: I have always been told to bury the servers into the network, not leave them DMZ'ed right from the router and then shut off the router firewall.


Heeter
 
Typically you'll want to place as much as you can behind the normal firewall. In some cases though, if you have some traffic which you just don't want to firewall, or you are running an external firewall, then you'll use a DMZ. Sometimes it's just too much hassle to have to access something else to open up a firewall port.
 
What I think he did is this:

Code:
modem -> router -> linux machine

                          - another machine
                         /
Router -> Linux machine -  - yet another machine
                         \
                          - Box used for internet

So basically he could have just hooked up his cable modem to his Linux machine and it would have been basically the same.

Also, it is completely retarded to put gigabit cards in a Pentium 1 machine, as the computer will run out of processing power before even reaching full 100 Mbit speeds, and the PCI bus that is used in such old machines can't even take advantage of the speed improvements the card offers because the bandwidth on it is too small.
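
The DMZ-host versus open-only-what-you-need distinction raised in the replies above, as an added example that is not part of the original thread: a small Python model of how a consumer router handles unsolicited inbound connections under each setting. The `Router` and `Forward` classes, the addresses and the ports are constructed for illustration and do not represent any particular firmware.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Forward:
    port: int                     # external TCP port being forwarded
    target: str                   # internal host that receives it
    source: Optional[str] = None  # allowed source CIDR; None means any source


@dataclass
class Router:
    dmz_host: Optional[str] = None  # "DMZ host" setting: catch-all for inbound traffic
    forwards: List[Forward] = field(default_factory=list)

    def route_inbound(self, src_ip: str, dst_port: int) -> Optional[str]:
        """Internal host an unsolicited inbound connection reaches, or None if dropped."""
        src = ipaddress.ip_address(src_ip)
        for fw in self.forwards:
            allowed = fw.source is None or src in ipaddress.ip_network(fw.source)
            if fw.port == dst_port and allowed:
                return fw.target
        return self.dmz_host  # no explicit rule matched: DMZ host gets it, else drop


def reachable(router: Router, probes: List[Tuple[str, int]]) -> List[Tuple[str, int]]:
    """Probes (source IP, destination port) that reach an internal host."""
    return [(s, p) for s, p in probes if router.route_inbound(s, p) is not None]


# Constructed sample data: documentation-range addresses, common service ports.
SERVER = "192.168.1.10"
PROBES = [
    ("203.0.113.7", 22), ("203.0.113.7", 80), ("203.0.113.7", 3306),
    ("198.51.100.25", 22), ("198.51.100.25", 445),
]

dmz_setup = Router(dmz_host=SERVER)
selective_setup = Router(forwards=[
    Forward(80, SERVER),                            # web: open to everyone
    Forward(22, SERVER, source="198.51.100.0/24"),  # SSH: one trusted network only
])

if __name__ == "__main__":
    print("DMZ host:  ", reachable(dmz_setup, PROBES))
    print("Selective: ", reachable(selective_setup, PROBES))
```

With the DMZ host set, every probe reaches the server, so anything listening on it is exposed; with selective forwards, only port 80 from anywhere and port 22 from the trusted network get through.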
 
