Security Basics mailing list archives

Re: looking for a hub or switch that can connect a VPN and apply firewall rules to all ports


From: Justin Mitchell <jgmitchell () gmail com>
Date: Mon, 17 Aug 2009 05:40:10 -0500

On Mon, Aug 17, 2009 at 12:17 AM, Thomas Anderson<zelnaga () gmail com> wrote:
> On Sat, Aug 15, 2009 at 5:13 PM, Justin Mitchell<jgmitchell () gmail com> wrote:
>> What you are wanting to do still won't prevent the ISP from shutting down
>> your single internet connection if one user behaves badly. You need an
>> individual internet connection for each user. 20 users = 20 modems/routers
>
> Ok...  let's change the situation around a bit.  If your router only
> has four ethernet ports on it and you want to connect seven computers
> to the LAN, do you buy a router or a hub?  If you buy a router, you'll
> be creating a LAN within a LAN - if you buy a hub, you'll just be
> extending the existing LAN.

I would purchase a switch, not a hub. Depending on the switch you use,
you can segment the users.

> Let's say the network my ISP connects me to is, itself, a LAN.
> Technically, the fact that they provide my internet service qualifies
> them as an ISP, does it not?  That this, shall we say, pseudo ISP
> wants to ban me, however, does not mean their ISP wants to ban me.
> Indeed, thanks to network address translation, they wouldn't be able
> to distinguish me from anyone else.

Say the pseudo ISP wants to ban you, that is something you would have
to discuss with them. They could simply disable your access through
the use of access-lists or pulling the plug to your section of the
network. If you can prove it is a single user and they would cut off
just their access, you're fine.

Sounds like you need a method of controlling traffic on your section
of the network before it gets to your provider, whether it is an
actual ISP or a pseudo ISP. Or as you alluded to in an earlier post,
encrypt all the outbound traffic in a VPN through the network to an
external point.

> Or let's say you're the US Department of Defense and have multiple /8
> IP address blocks.  If you have a hub plugged directly into their
> OC-192 modem do you still need 20 modems / routers for 20 users?  I
> actually don't know the answer to that one, although I suspect you
> don't, either.

I do have an answer, you need some big switches capable of doing layer
3 routing and passing the traffic downstream as quickly as possible to
your distribution layer devices.


-- 
Practice Does Not Make Perfect. Perfect Practice Makes Perfect.
