[TriLUG] LAN/WAN interface question

Mike M linux-support at earthlink.net
Mon Feb 16 12:45:26 EST 2004


On Mon, Feb 16, 2004 at 11:54:08AM -0500, Jon Carnes wrote:
> On Mon, 2004-02-16 at 11:41, Jeremy Portzer wrote:
> > On Mon, 16 Feb 2004, Mike M wrote:
> > 
> > > I need to open one server on my LAN to an outsider.  My Linksys
> > > router appliance (BEFSR11) doesn't seem to be up to the job.  I think
> > > it's time to upgrade to Linux.  
> > > 
> > > Reqs:
> > > 
> > > * Allow a certain static IP address to ssh to a single server. (This is
> > > the requirement the appliance doesn't seem to support.)
> > 
> > Even though the appliance may not support this option, you can certainly
> > restrict which IP address can connect via ssh with iptables on the local
> > server, and/or with the sshd configuration file.  This single issue isn't
> > really a reason to ditch the appliance IMO, but certainly setting up a
> > Linux firewall/router would be a good exercise.
> > 
> > --Jeremy
> 
> I agree with Jeremy. You can use the DMZ option of the Linksys router to
> put this box in a DMZ, and then run a firewall on the box to limit the
> access by IP.
> 
> Of course, you could also spend $30 on a used laptop or pc and run Linux
> or OpenBSD and have a fantastic firewall that could let you do anything
> you want.
> 
> Note: if you're passing through IPSec for VPN, then you'll want to use
> OpenBSD and not Linux.

Options:

1. wan---firewall---CVS server
                  |
                  +-other stuff

2. wan---appliance---DMZ machine (firewall,CVS server)
                   |
                   +-other stuff

Notes:

a. I have old Pentiums for appliance retirement; cost = $0
b. I would start with Linux and go to BSD as a second step

Questions:
i. Are the options properly represented?
ii. Is one option better than the other given the information in the
notes?
iii. The firewall runs on the CVS server on the machine in the DMZ?
iv. BSD is the safer ipsec choice?

Thanks,
-- 
Mike

Two hundred years ago, we note mischievously, the average American or 
European had a standard of living not very much superior to that of the
average man in India or China. -- dailyreckoning.com
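
Added example, not part of the original thread: a sketch of the host firewall that the quoted replies describe for the DMZ machine in option 2, where the appliance forwards all inbound traffic to the box. It prints an iptables-restore ruleset that admits new ssh connections from one source address only; the address 203.0.113.10, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Usage (as root, after reviewing the output):
#   sh ssh-only.sh 203.0.113.10 | iptables-restore
# ssh-only.sh is a hypothetical file name; 203.0.113.10 is a constructed
# documentation address standing in for the outsider's static IP.

# Return 0 only for a plain dotted-quad IPv4 address (no CIDR, no hostname),
# so a typo or "0.0.0.0/0" can never widen the rule.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split into octets; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print a complete filter table for the DMZ host: default-deny inbound,
# loopback and reply traffic allowed, new ssh only from the given address.
gen_ruleset() {
    allowed=$1
    valid_ipv4 "$allowed" || {
        echo "invalid IPv4 address: $allowed" >&2
        return 1
    }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $allowed/32 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Only emit rules when an address is given on the command line.
if [ "$#" -gt 0 ]; then
    gen_ruleset "$1"
fi
```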


