Security Basics mailing list archives

Re: risk attaching dsl modems to office network?


From: "Eric M." <ematt.lists () gmail com>
Date: Thu, 15 Jul 2010 11:51:45 -0500

The response from Ansgar is correct.  I would also like to point out
that simply plugging three DSL routers into a network probably won't
do much other than create DHCP conflicts.  Networking doesn't
automatically bond three connections to get three times the speed.
You must have specialized hardware that is supported by your ISP in
order to bond multiple connections together to get triple the speed.
Now, if you already have this in place, then disregard, but I figured
it was worth pointing out.

The best you can do if you just have a normal "small office" DSL
router that does not have ISP-supported bonding is to use a second DSL
line for your servers, or use the additional line as a fall-back for
redundancy purposes.

EM

On Mon, Jul 12, 2010 at 11:59 AM, Andy Colson <andy () squeakycode net> wrote:

Hi List,

I'm a programmer, not a network guy, so before I do something dumb I wanted to get some opinions, and this seemed 
like a good place to start.  If there is someplace else that might be helpful I'd appreciate a pointer.

We host a few websites, but where we are located we cannot get really big pipes without spending lots of $$$.  So we
have three dsl lines with an "enterprise" plan that lets us host from them.  Each has a different outside IP address,
and the inside ip is 192.168.0.1.

Our current setup has the dsl modem plugged into the web server, and the web server has two nics.  One on 192.168.0.
(the dsl) and one on 192.168.10. (the office).  The 10. line is, obviously, plugged into the office switches.

So it looks like:

internet
|
|
V
dsl modem
|
|
V
web server ---> switches -->> office

This all works ok, but to add a reverse proxy, and some monitoring, I'd like to plug the dsl modems into the 
switches.  I can give each dsl modem a different internal ip (192.168.0.1, 192.168.0.2 and 192.168.0.3) and dmz them 
to a new computer at 192.168.0.42.

New layout:
internet
|
|
V
dsl modem
|
|
V
switches -->> office (.10.)
|
|
V
proxy/load balancer (.0.) --->web1
|
|
V
web2


My worry here, and my question for you, is: am I opening myself to "bad things" if I plug my dsl modems into my 
office switches?  Will a resourceful hacker be able to see my 10.* traffic?

The dsl modems have both NAT and DMZ, I'm thinking of using DMZ and putting iptables on the proxy box.  Would you
think that would be safer than using NAT?  (The dsl modem has firewall and NAT (well, it's port forwarding, I'm not
sure if that's NAT)).  DMZ or NAT will only go to one IP, 0.42.


Thank you for your time,

-Andy
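
The DHCP conflict raised in the reply can be checked from client logs. The following is an added example, not part of the original thread: it scans centrally collected dhclient syslog lines for more than one DHCP server answering on the segment and for one address acknowledged to two different hosts. The log lines, host names and the allowed-server set are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: syslog lines in the style of ISC dhclient, gathered from
# several hosts on one switch. Host names and leases are made up.
SAMPLE_LOG = """\
Jul 12 12:00:01 web1 dhclient: DHCPOFFER of 192.168.0.100 from 192.168.0.1
Jul 12 12:00:01 web1 dhclient: DHCPOFFER of 192.168.0.100 from 192.168.0.2
Jul 12 12:00:02 web1 dhclient: DHCPACK of 192.168.0.100 from 192.168.0.1
Jul 12 12:03:10 desk7 dhclient: DHCPOFFER of 192.168.0.100 from 192.168.0.3
Jul 12 12:03:11 desk7 dhclient: DHCPACK of 192.168.0.100 from 192.168.0.3
Jul 12 12:05:40 desk9 dhclient: DHCPACK of 192.168.0.101 from 192.168.0.2
"""

LINE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+dhclient(?:\[\d+\])?:\s+"
    r"(?P<kind>DHCPOFFER|DHCPACK) of (?P<ip>[\d.]+) from (?P<server>[\d.]+)"
)


def audit_dhcp(log_text, allowed_servers):
    """Return (unexpected_servers, duplicate_leases) seen in the log text."""
    servers = set()
    leases = defaultdict(dict)  # ip -> {host: server that ACKed it}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ignore unrelated syslog lines
        servers.add(m["server"])
        if m["kind"] == "DHCPACK":
            leases[m["ip"]][m["host"]] = m["server"]
    # Any server outside the allowed set is answering where it should not.
    unexpected = sorted(servers - set(allowed_servers))
    # One address acknowledged to two hosts means an IP conflict on the wire.
    duplicates = {ip: h for ip, h in leases.items() if len(h) > 1}
    return unexpected, duplicates


if __name__ == "__main__":
    unexpected, dupes = audit_dhcp(SAMPLE_LOG, allowed_servers={"192.168.0.1"})
    print("unexpected DHCP servers:", unexpected)
    for ip, holders in dupes.items():
        print(f"{ip} acknowledged to several hosts:", holders)
```

Disabling the DHCP service on all but one modem is the condition under which both results come back empty.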
