There is no real LAN. Only servers. All of which are publicly reachable via real world IPs. If it were possible to have PPTP and IPSEC show up on the OPT1 interface, I'd never even bother with the LAN port at all. But alas... Hence, why the servers need to be connected to the LAN port of the m0n0wall as well.

------------------------------------------------------------
Jason J Ellingson
Technical Consultant
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
jason at ellingson dot com

-----Original Message-----
From: Adam Gibson [mailto:agibson at ptm dot com]
Sent: Monday, December 06, 2004 1:50 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] m0n0wall @ colocation facility

Jason J. Ellingson wrote:
> I run 8 servers at a co-location facility with m0n0wall protecting them.
...
> All my servers have two NICs... so one gets a WAN (real world) IP and one
> gets a LAN (private) IP. If you have only one NIC, that's okay... just give
> both IPs to the same NIC.

From an access control perspective, why even separate your servers from your LAN if you are just going to dual nic the servers on the OPT1 network connecting to your LAN? If the servers are compromised they have direct access to your LAN that way without any access control from the firewall.