Firewall behind Router

Monty J. Harder lists at kc.rr.com
Thu Jan 3 02:29:23 CST 2002


"jose sanchez" <j_r_sanchez at yahoo.com> wrote:

> I want both Servers (WWW & FTP, and soon SMTP) to be
> accessible by the outside world as well as from
> inside. I can have our ISP forward any WWW request to
> any internal IP. This is how I am currently running
> the server. I really don't know how secure our LAN is.
> My boss just wants a firewall installed and that's my
> job to get this done. With your help, ideas, input,
> etc... I would be able to have a better designed and
> less vulnerable network.

Your scheme violates The Prime Directive of Firewalls:  Accept no
connections from outside the firewall.  The proper way to do this is to put
the servers in the DMZ, so that connections can be opened to them from any
domain.  If you must have access to resources within the firewall, it's
probably best to restrict those to VPN tunnels (you can even have the
machine inside the firewall open the tunnel) which provide authentication
and encryption as additional security.
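
The zone policy described in the reply above, written as a rule audit. This is an added example, not part of the original message: the addresses, ports, the `Rule` type and the `via_vpn` flag are constructed assumptions, and the DMZ is treated as outside the protected LAN. It checks each accept rule on its own and does not model rule ordering.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption; the thread gives no addresses).
ZONES = {
    "inside": ipaddress.ip_network("192.168.1.0/24"),
    "dmz": ipaddress.ip_network("192.168.2.0/24"),
}

@dataclass(frozen=True)
class Rule:
    src: str               # source CIDR allowed to open the connection
    dst: str               # destination CIDR
    dport: int
    action: str            # "accept" or "drop"
    via_vpn: bool = False  # hypothetical flag: rule matches only tunnel traffic

def zones_of(cidr):
    """Zones a CIDR touches; not wholly within a known zone also means outside."""
    net = ipaddress.ip_network(cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("outside")
    return hit

def audit(rules):
    """Return (rule, reason) for accept rules letting non-inside hosts reach inside."""
    findings = []
    for rule in rules:
        if rule.action != "accept" or rule.via_vpn:
            continue  # drops are harmless; tunnel traffic is the allowed exception
        untrusted = zones_of(rule.src) - {"inside"}
        if untrusted and "inside" in zones_of(rule.dst):
            origin = "/".join(sorted(untrusted))
            findings.append((rule, f"{origin} -> inside on port {rule.dport}"))
    return findings

# Constructed sample ruleset.
SAMPLE = [
    Rule("0.0.0.0/0", "192.168.2.10/32", 80, "accept"),       # WWW in the DMZ
    Rule("0.0.0.0/0", "192.168.2.11/32", 21, "accept"),       # FTP in the DMZ
    Rule("192.168.1.0/24", "192.168.2.0/24", 80, "accept"),   # LAN to DMZ
    Rule("0.0.0.0/0", "192.168.1.5/32", 80, "accept"),        # forward into LAN
    Rule("192.168.2.10/32", "192.168.1.20/32", 3306, "accept"),  # DMZ into LAN
    Rule("10.8.0.0/24", "192.168.1.20/32", 22, "accept", via_vpn=True),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE):
        print(f"VIOLATION {rule.src} -> {rule.dst}: {reason}")
```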



