 From:  "Jason J. Ellingson" <jason at ellingson dot com>
 To:  "'Adam Gibson'" <agibson at ptm dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0wall @ colocation facility
 Date:  Mon, 6 Dec 2004 18:47:13 -0600
There is no real LAN.  Only servers.  All of which are publicly reachable
via real world IPs.

If it were possible to have PPTP and IPSEC show up on the OPT1 interface,
I'd never even bother with the LAN port at all.  But alas...

Hence, why the servers need to be connected to the LAN port of the m0n0wall
as well.
------------------------------------------------------------
Jason J Ellingson
Technical Consultant

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
jason at ellingson dot com

-----Original Message-----
From: Adam Gibson [mailto:agibson at ptm dot com] 
Sent: Monday, December 06, 2004 1:50 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] m0n0wall @ colocation facility

Jason J. Ellingson wrote:
> I run 8 servers at a co-location facility with m0n0wall protecting them.
...
> All my servers have two NICs... so one gets a WAN (real world) IP and one
> gets a LAN (private) IP.  If you have only one NIC, that's okay... just
> give both IPs to the same NIC.

From an access control perspective, why even separate your servers from 
your LAN if you are just going to dual-NIC the servers on the OPT1 
network connecting to your LAN?  If the servers are compromised, they 
have direct access to your LAN that way without any access control from 
the firewall.
