On 12 Apr 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed). com>, Luiz Borges wrote:
>I have a network (let's call it A) connected to a server running
>BrazilFW as a router to the internet. Everything works fine, the
>connection is shared without problems.
>Now I need to connect a second network to the internet (call it B), but
>the network must be isolated from A, so I can't just plug the hub of B
>on the hub of A...
Sorry, I'm not familiar with BrazilFW. Network "A" and "B" - are they
using "real" addresses, or RFC1918 (such as 192.168.x.y)?
>From that point I came up with these options:
>1) A firewall between B and the hub of A to restrict all traffic to the
>server only.
While this prevents "A" from accessing "B" and vice-versa, this doesn't
prevent someone on the router side of the firewall from "hearing" all
Internet traffic.
>2) Put a third NIC on the server. But I don't know if BrazilFW works
>with that.
A quick Google search doesn't say one way or the other, though I don't
see why this wouldn't work. I've seen small firewalls such as these used
for "internal" and "DMZ" zones from a common external interface. That
_should_ be enough.
>3) Use a switch to connect the Server, A, and B, and then program the
>switch to allow only A<=>Server and B<=>Server.
That would work.
>I don't know if all (or any) of these options will really work; those
>were the first things that came to my mind. Any more suggestions are
>welcome.
They look good. A minor problem will be routing - in choice 1, the BrazilFW
would have to know to route traffic through the firewall (unless it were
a transparent bridge). For choice 2, if that doesn't work, putting in a
more capable firewall would certainly do the job. This might be a low
end PC with multiple NICs running a router/firewall distribution, or
even a regular Linux that has been rigorously stripped of unneeded
software.
Old guy
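The reply's closing suggestion (choice 2, or a stripped-down Linux box with several NICs) amounts to a deny-by-default forwarding policy where each LAN may reach the uplink but never the other LAN. The script below is an added example, not code from the thread or from BrazilFW: it emits an nftables ruleset for such a three-NIC router. The interface names (eth0/eth1/eth2), the two RFC1918 subnets and the management ports are assumptions and can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not from the original thread: emit an nftables ruleset for a
# Linux box with three NICs acting as the shared router from option 2.
# Interface names and subnets are assumptions; override them via environment.
WAN_IF="${WAN_IF:-eth0}"                    # assumed: uplink to the Internet
LAN_A_IF="${LAN_A_IF:-eth1}"                # assumed: network A
LAN_B_IF="${LAN_B_IF:-eth2}"                # assumed: network B
LAN_A_NET="${LAN_A_NET:-192.168.1.0/24}"    # constructed RFC1918 range for A
LAN_B_NET="${LAN_B_NET:-192.168.2.0/24}"    # constructed RFC1918 range for B

# Print the ruleset to stdout. Forwarding is deny-by-default: only A->WAN and
# B->WAN are accepted, plus return traffic. Any A<->B attempt is logged and
# dropped, which doubles as a detection hook for misconfigured hosts.
gen_ruleset() {
  cat <<EOF
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state established,related accept
    ct state invalid drop
    # management from either LAN only; nothing from the WAN side
    iifname { "$LAN_A_IF", "$LAN_B_IF" } tcp dport 22 accept
    iifname { "$LAN_A_IF", "$LAN_B_IF" } icmp type echo-request accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    # anti-spoofing: each LAN interface may only source its own subnet
    iifname "$LAN_A_IF" ip saddr != $LAN_A_NET drop
    iifname "$LAN_B_IF" ip saddr != $LAN_B_NET drop
    # the two isolation rules: A and B each reach the Internet only
    iifname "$LAN_A_IF" oifname "$WAN_IF" accept
    iifname "$LAN_B_IF" oifname "$WAN_IF" accept
    # anything crossing between A and B is logged, then dropped
    iifname "$LAN_A_IF" oifname "$LAN_B_IF" log prefix "lan-cross A->B " drop
    iifname "$LAN_B_IF" oifname "$LAN_A_IF" log prefix "lan-cross B->A " drop
  }
}
table ip nat {
  chain postrouting {
    type nat hook postrouting priority 100; policy accept;
    oifname "$WAN_IF" masquerade
  }
}
EOF
}

# Sanity check: number of 'accept' rules that forward between the two LANs.
# Must be 0 for the isolation requirement to hold.
count_lan_crossing_accepts() {
  gen_ruleset | grep -cE "iifname \"($LAN_A_IF|$LAN_B_IF)\" oifname \"($LAN_A_IF|$LAN_B_IF)\" accept" || true
}

# Number of 'accept' rules that forward a LAN toward the WAN (expect 2).
count_lan_to_wan_accepts() {
  gen_ruleset | grep -cE "iifname \"($LAN_A_IF|$LAN_B_IF)\" oifname \"$WAN_IF\" accept" || true
}

# Usage (as root, after enabling forwarding):
#   sysctl -w net.ipv4.ip_forward=1
#   ./three_nic_router.sh --print > /etc/nftables.conf && nft -f /etc/nftables.conf
if [ "${1:-}" = "--print" ]; then
  gen_ruleset
fi
```

Because the forward chain's policy is drop and the only accept rules name the WAN as the output interface, hosts on A and B share the uplink without ever seeing each other; the two log rules make any attempt to cross show up in the kernel log, which is the quickest way to spot a host that was plugged into the wrong hub. The anti-spoofing lines stop a host on one LAN from borrowing the other LAN's addresses to get past the interface-based rules.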