Firewall Wizards mailing list archives
Re: Q on external router
From: Vinci Chou <vkmchou () hk super net>
Date: Thu, 23 Apr 1998 14:34:58 +0800 (HKT)
Bennett Todd wrote:
by using one DMZ interface on the bastion, and a hub for the hosts in the DMZ, and a trick: assign each DMZ host an address on a separate net --- again perhaps using the RFC 1918 addresses and NAT in the bastion. Give the bastion's DMZ interface, connected to the hub, addresses on all the nets. Have the clients in the DMZ, each on their own separate net (travelling over the same ether) all use the bastion for their default router. Then let the bastion's ipfw or ipfilter or whatever provide access restrictions among the DMZ hosts.
However, because these DMZ hosts are on the same physical segment, even though they have different net numbers, a compromised host is still able to sniff the traffic, isn't it?

Vinci