Security Basics mailing list archives
Re: risk attaching dsl modems to office network?
From: "Eric M." <ematt.lists () gmail com>
Date: Thu, 15 Jul 2010 11:51:45 -0500
The response from Ansgar is correct. I would also like to point out that simply plugging three DSL routers into a network probably won't do much other than create DHCP conflicts. Networking doesn't automatically bond three connections to get three times the speed. You must have specialized hardware that is supported by your ISP in order to bond multiple connections together to get triple the speed. Now, if you already have this in place, then disregard, but I figured it was worth pointing out. The best you can do if you just have a normal "small office" DSL router that does not have ISP-supported bonding is to use a second DSL line for your servers, or use the additional line as a fall-back for redundancy purposes. EM On Mon, Jul 12, 2010 at 11:59 AM, Andy Colson <andy () squeakycode net> wrote:
Hi List, I'm a programmer, not a network guy, so before I do something dumb I wanted to get some opinions, and this seemed like a good place to start. If there is someplace else that might be helpful I'd appreciate a pointer. We host a few websites, but where we are located we cannot get really big pipe's without spending lots of $$$. So we have three dsl lines with an "enterprise" plan that lets us host from them. Each has a different outside IP address, and the inside ip is 192.168.0.1. Our current setup has the dsl modem plugged into the web server, and the web server has two nics. One on 192.168.0. (the dsl) and on 192.168.10. (the office). The 10. line is, obviously, plugged into the office switches. So it looks like: internet | | V dsl modem | | V web server ---> switches -->> office This all works ok, but to add a reverse proxy, and some monitoring, I'd like to plug the dsl modems into the switches. I can give each dsl modem a different internal ip (192.168.0.1, 192.168.0.2 and 192.168.0.3) and dmz them to a new computer at 192.168.0.42. New layout: internet | | V dsl modem | | V switches -->> office (.10.) | | V proxy/load balancer (.0.) --->web1 | | V web2 My worry here, and my question for you, is: am I opening myself to "bad things" if I plug my dsl modems into my office switches? Will a resourceful hacker be able to see my 10.* traffic? The dsl modems have both NAT and DMZ, I'm thinking of using DMZ and putting iptables on the proxy box. Would you think that would be safer than using NAT? (The dsl modem has firewall and NAT (well its port forwarding, I'm not sure it thats NAT)). DMZ or NAT will only go to one IP, 0.42. Thank you for your time, -Andy ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- risk attaching dsl modems to office network? Andy Colson (Jul 13)
- Re: risk attaching dsl modems to office network? Ansgar Wiechers (Jul 14)
- Re: risk attaching dsl modems to office network? Eric M. (Jul 16)
- Re: risk attaching dsl modems to office network? Andy Colson (Jul 16)