[mailed and posted]
On Oct 28, 2004, at 11:07 PM, Adriano Castro wrote:
> I haven't tried m0n0wall yet but will do soon. I'll probably start
> off using an old PC and either a hard-drive or the CD-ROM solution.
> But the embedded PCs really interest me.
I find the coolness factor alone worth it. (Plus not having a spare PC
at the time.)
> In the meantime, I've been reading about the latter ones and don't
> fully understand the need or use of a 3rd Ethernet port (as in
> Soekris' net4501-30 model). 2 ports make sense to me: WAN + LAN. I
> believe the 3rd port is commonly used for DMZ, correct?
Yes. There are other uses as well, but I'd guess that most people use it
for a DMZ.
> If this is the case it kind of confuses me because I'm used to
> having DMZs set up virtually.
I'm not fully certain what you mean by "virtual DMZ". I suspect that
you mean that you have a couple of machines on your local net for which
you have 1 to 1 NAT mapping. That is, you are allowing a couple of
machines to be much more exposed than most machines on your LAN.
However, if those exposed machines are on your LAN with no firewall
between them and your LAN, then you don't have an effective DMZ. A
compromise on one of the exposed machines gives access to your LAN.
Maybe some Linksys marketing guy came up with the term "virtual DMZ",
but if it means what I think it means, then it is a very misleading
So, if you go with the PC option and will use a DMZ, then be sure to
have (at least) three interfaces on that PC.
> Terribly sorry if this question sounds awkward or even dumb but
> there's a long way to go for me in the firewall/embedded PC world.
I'm a bit of a newcomer myself. I've found the help on this list
wonderful. There seems to be a great community of people who really
want to help us newcomers.