[lug] 2 IPs, one DSL
David Anselmi
anselmi at anselmi.us
Sun Jun 6 13:08:57 MDT 2004
Elyse M. Grasso wrote:
[...]
> Is there a good, reasonably current source online that discusses hardware and
> software configurations and security considerations for a set-up like this?
If you use Qwest as your ISP see:
http://my.qwest.net/nav4/help/your_acct/set_cisco_675.html
for directions on setting up your DSL modem. If you have a different
ISP, check with them and your Linksys manual for using multiple IPs with it.
As for security considerations, I guess _Building Internet Firewalls_
from O'Reilly would be good. I see they have _The Best Damn Firewall
Book Period_, which is newer but I don't know anything about it.
The main security issue you'll face is that currently NAT protects all
ports you don't specifically allow (via DNAT). If you put machines on a
subnet using public IPs you may expose ports you don't want to. A
firewall is a typical way to protect those ports.
You don't necessarily need a (stand alone) firewall if you continue to
do NAT, if you do port filtering on the Linksys, if each server only has
public ports open, or if you use iptables to filter ports on each server.
Depending on the time you have and the complexity of your applications
it might be worthwhile to hire a consultant. Or keep asking here.
Dave
More information about the LUG
mailing list