<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman,new york,times,serif;font-size:12pt">
<div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">
Zach,<br><br>Security! Security! Security! I installed Red Hat in 1998 and was hacked within 24 hours. This was a default install with no changes. I now believe in security above all else. I assume that my machine can be accessed from the net. I turn on only services that I need. I then put this machine behind a cheap NAT router to add one more layer. I tend to build a DMZ around two NAT routers. I port forward services to the DMZ machine from the internet-facing NAT router. The second NAT router protects the rest of the office. This is how I would set up a public web server on an office network.<br>Note: I turn off UPnP on the NAT router connected to the internet.<br>
<pre>
   ...............
   |  DSL Modem  |
   |             |
   '''''''|'''''''
          |
          |
 +----------------+
 |   NAT Router   |
 +--------+-------+
          |
          |                  ....................
          +------------------|     DMZ Host     |
          |                  |                  |
          |                  |__________________|
   +------+--------+
   |  NAT Router   |
   |               |
   +---------------+
          |
   .................        ....................
   |    Switch     +--------|     Desktop      |
   |...............|        |__________________|
</pre>
If your goal is to learn to build a firewall router / hardened system, then your setup is fine. Should your DMZ system fail, you can plug the NAT router into the DSL modem in order to get access to the
net. The switch is optional. If the DMZ is down, you will need to change the WAN address on your NAT router (if static).<br><br>For the most part, the switch is not needed on the DSL modem. The DSL modem has a 4-port switch built in. Plug the DSL modem into your DMZ machine nic1.<br><br>Before you deploy the DMZ machine, run nmap on the public side (nic1) and note the services you are presenting to the public. Check from time to time to make sure new services are not starting.<br><br><br>Nicholas A. Schembri<br>Pittsburgh PA USA<br><span><a target="_blank" href="http://bamboofields.net">http://bamboofields.net</a></span><br><br>----- Original Message ----<br>From: Zachary Uram <<a rel="nofollow" ymailto="mailto:netrek@gmail.com" target="_blank" href="mailto:netrek@gmail.com">netrek@gmail.com</a>><br>To: General user list <<a rel="nofollow" ymailto="mailto:wplug@wplug.org" target="_blank"
href="mailto:wplug@wplug.org">wplug@wplug.org</a>><br>Sent: Wednesday, May 6, 2009 7:24:44 PM<br>Subject: [wplug] router Linux ideas?<br><br>Hi everyone,<br><br>I got an awesome deal today on a Linksys wired Etherfast Cable/DSL<br>router and 4 port switch. The model number is: BEFSR41 version 3.<br><br>What exactly can I do with this in Linux? I have 2 computers and would<br>like to network them using this.<br><br>It came with 6 foot ethernet cable and a 12V power adapter. Any ideas<br>and/or pointers on what to do to set this up in Linux would be great.<br>Right now I have raw ethernet frames being sent to my laptop which is<br>using static IP so I have nothing in the way:<br>
<pre>
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
66.93.172.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         66.93.172.1     0.0.0.0         UG    0      0        0 eth0
</pre>
My eventual goal is to set up a DMZ network and route my public network<br>traffic behind that but for the present I just want to get my 2<br>computers sharing the DSL line using this router I got.<br><br>In case anyone has any feedback here is my planned DMZ setup:<br><span><a target="_blank" href="http://www.hyperyoda.org/my-DMZ-network-diagram.png">http://www.hyperyoda.org/my-DMZ-network-diagram.png</a></span><br><br>Zach<br>_______________________________________________<br>wplug mailing list<br><a rel="nofollow" ymailto="mailto:wplug@wplug.org" target="_blank" href="mailto:wplug@wplug.org">wplug@wplug.org</a><br><span><a target="_blank"
href="http://www.wplug.org/mailman/listinfo/wplug">http://www.wplug.org/mailman/listinfo/wplug</a></span><br><br></div></div></body></html>