[Shorewall-users] Advice needed

Holger Brückner lists at net-labs.de
Tue Dec 9 10:12:28 PST 2003


On Mon, 2003-12-08 at 23:40, Carlos Cajina - Hotmail wrote:
>     - The firewall box should have just one NIC since both the internal and external interfaces shouldn't be connected to the same switch in a production environment.

imagine the following:


----------------------------------------------------------------
                   highway / motorway / autobahn

-----------        ---------------------------         ---------
           \       \-------------------------/        /        
            \            police control              /
             \--------------------------------------/

now you tell everybody to go through the police control, while the
motorway isn't blocked? where would you go?

if you have a manageable switch you should be able to configure
different vlans on it. that means you'll have separate "switch blocks".
one (2-port) could serve the external interface of the firewall and the
uplink. the rest is for the internal lan.

Holger Brueckner
net-labs Systemhaus GmbH
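A way to verify the "switch block" layout Holger describes, added here as an example that is not part of the original post: it parses a constructed, simplified VLAN-to-port listing and checks that the firewall's external NIC and the uplink share a VLAN which contains no internal LAN port. The port numbers and the listing format are assumptions for the example.

```python
"""Check that a managed switch's VLAN layout really separates the
firewall's external side (external NIC + uplink) from the internal LAN.

The tables below are constructed for this example and mimic a simplified
'show vlan' listing: one line per VLAN, ports given as a comma/range list.
Port numbers are assumptions: 1 = firewall external NIC, 2 = uplink,
3-24 = internal LAN (including the firewall's internal NIC)."""
import re

GOOD_TABLE = """\
VLAN 10  ports: 1,2
VLAN 20  ports: 3-24
"""

# Constructed misconfiguration: the uplink (port 2) also sits in VLAN 20,
# so the "motorway" bypasses the "police control" entirely.
BAD_TABLE = """\
VLAN 10  ports: 1,2
VLAN 20  ports: 2-24
"""

def parse_vlan_table(text):
    """Return {vlan_id: set(ports)} from the simplified listing."""
    vlans = {}
    for line in text.splitlines():
        m = re.match(r"VLAN\s+(\d+)\s+ports:\s*(.*)", line)
        if not m:
            continue
        ports = set()
        for item in m.group(2).split(","):
            item = item.strip()
            if "-" in item:
                lo, hi = item.split("-")
                ports.update(range(int(lo), int(hi) + 1))
            elif item:
                ports.add(int(item))
        vlans[int(m.group(1))] = ports
    return vlans

def check_segmentation(vlans, external_port, uplink_port, internal_ports):
    """Return a list of violations; an empty list means the blocks are separate."""
    outside, inside = {external_port, uplink_port}, set(internal_ports)
    problems = []
    # The external NIC and the uplink must share a VLAN, or the firewall is not in the path.
    if not any(outside <= ports for ports in vlans.values()):
        problems.append("external NIC and uplink share no VLAN; firewall is not in path")
    # No VLAN may contain both an outside port and an internal LAN port.
    for vid, ports in vlans.items():
        if ports & outside and ports & inside:
            problems.append(f"VLAN {vid} bridges outside ports {sorted(ports & outside)} "
                            f"with internal ports {sorted(ports & inside)}")
    return problems

if __name__ == "__main__":
    print(check_segmentation(parse_vlan_table(GOOD_TABLE), 1, 2, range(3, 25)))  # []
    print(check_segmentation(parse_vlan_table(BAD_TABLE), 1, 2, range(3, 25)))
```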