Security Basics mailing list archives

Re: Access Internal and External Networks


From: "John Hollyoak" <mail () jhollyoak com>
Date: Fri, 19 Sep 2003 12:35:46 -0400

I think the best approach would be to set up some sort of
DMZ/Router/Firewall.  Put 3 NICs in a box, 1 going to the internal,
external, and DMZ networks.  Then use IPtables, and build your rules
accordingly to allow traffic where it needs to go.  This is probably the
cheapest solution.

Directly connecting multiple servers to the external network is generally
not a good idea, no matter how "tight" you lock down the servers. Hope this
helps.

Regards,

John
----- Original Message -----
From: <william () orlitech com au>
To: <security-basics () securityfocus com>
Sent: Thursday, September 18, 2003 6:42 PM
Subject: Access Internal and External Networks




I have a need for some servers to access both the external network and the
internal network and am wondering which approach would be best:

1. 2 NICs in each server, one connected to the external network and one
connected to the internal network

2. 1 NIC in each server connected to the internal network and DNAT the
required ports from the external address to the internal address

Thanks

William
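
The three-NIC layout suggested in the reply, sketched as an iptables ruleset. This is an added example, not part of the original thread; the interface names, addresses, the single published web service on port 80 and the SSH management rule are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: three-legged firewall (external / internal / DMZ) emitted
# in iptables-restore format. All values below are constructed assumptions.
EXT_IF=eth0; INT_IF=eth1; DMZ_IF=eth2
EXT_IP=203.0.113.10        # constructed external address (TEST-NET-3)
DMZ_WEB=192.168.10.10      # constructed DMZ web server
INT_NET=192.168.1.0/24     # constructed internal network

# Print the ruleset. FORWARD defaults to DROP, so any path not listed
# (external->internal, DMZ->internal, DMZ->external) is refused and logged.
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp --dport 80 -j DNAT --to-destination $DMZ_WEB:80
-A POSTROUTING -o $EXT_IF -s $INT_NET -j SNAT --to-source $EXT_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -s $INT_NET -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $EXT_IF -o $DMZ_IF -d $DMZ_WEB -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -i $INT_IF -o $DMZ_IF -s $INT_NET -m state --state NEW -j ACCEPT
-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -m state --state NEW -j ACCEPT
-A FORWARD -j LOG --log-prefix "FW-DROP: "
COMMIT
EOF
}

# Audit helper: succeeds only if the ruleset explicitly accepts new
# forwarded traffic from interface $1 to interface $2.
forward_allows() {
    gen_rules | grep -q -- "^-A FORWARD -i $1 -o $2 .*-j ACCEPT"
}

# To load on the firewall box (as root): gen_rules | iptables-restore
```

With this layout a compromised DMZ host cannot open new connections to the internal network, which is the exposure both options in the original question leave open.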


