[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: At Last


You are right. What you wrote is _much_ simpler.
You loose an order of magnitude with you go from having
two DSL lines to using just one.  You loose half that
much complexity by having justone public IP address.

Basically if you have just one IP address and one DSL line
you can use the simple home networking routers like
Linksys and it's easy to setup.  

As soon as you start talking about multiple paths to the
Internet and/or multiple IP address you've left the realm of
mass market cheap rounters.

I think Tom will have to tell us what he wants and specifically
how he wants to look to the outside world and how much he
can trade security for a simple setup.  We all know what kind
of cars Tom brought.  Let's see if his tasts in networks match

One thing in favor of Robert's idea is that even if he does go
with a DMZ type setup, everything importentwill have to go on
the DMZ segmant the complex setup will degenerate to the simpller
setup outlines below.

So Tom, can you say what you want in simple terms?  What needs to be
accessable to whom.  What is to stay 100% unaccessable even to
a smart hacker with time on his hands.  


--- "Robert J. Bradbury" <bradbury@aeiveos.com> wrote:
> 
> Without stepping on the fingers of any of the network experts
> on the list...
> 
> My suggestion would be to
> (1) Stick with the "simple" DSL configuration for public access.
> (I.e. *one* public IP address).
> 
> This can, and probably should be a Linux box upon which you
> keep the OS updated for security purposes.
> 
> This is your "gateway" machine.
> 
> You use "Squid" as the internal gateway to the Web.
> 
> You use "Samba" to allow the Linux box to connect
> to files on any of the Windows machines and vice-versa.
> (Samba can serve as a Windows domain controller).
> 
> You use "NFS" to connect any of the "internal" files
> on various Linux machines to the gateway for external access.
> 
> You use "SSH" to allow external folks to get to the "public"
> server and remotely access any "internal" machines.
> 
> Any WiFi equipment should be put into place only after careful
> considerations regarding security issues.
> 
> (2) When and if Tom (or others) decide to go to some higher
> bandwidth connections (e.g. cable/satellite), though I suspect
> this will require going to IPV6 due to the current shortage
> of IP addresses, then you simply assign the gateway machine
> multiple IP addresses.
> 
> The only flaw I'm aware of in this situation is if the gateway
> machine happens to go down (but then that isn't much different
> from the DSL line going down...).  Tom isn't in Florida but
> I'm sure he has seen his share of "mother nature" acting up.
> 
> Also if Tom has a 4-wire twisted pair running into his house
> I think he can run 2 DSL lines though I would expect performance
> to suffer from time to time (but this is just speculation on
> my part).
> 
> I'm reasonably sure that there has been enough testing and
> security built into the packages I mention above that there
> should be minimal problems on that front while still allowing
> construcive work to be done with minimal headaches.
> 
> Others should feel free to correct if I'm way off base
> anywhere here.
> 
> Robert
> 
> 
> 
> 

Chris Albertson
  Home:   310-376-1029  chrisalbertson90278@yahoo.com
  Cell:   310-990-7550
  Office: 310-336-5189  Christopher.J.Albertson@aero.org
  KG6OMK


	
		
__________________________________ 
Celebrate Yahoo!'s 10th Birthday! 
Yahoo! Netrospective: 100 Moments of the Web 
http://birthday.yahoo.com/netrospective/