RE: tcp/ip routing question / router design EDITED

• Previous message: Barrie Dempster: "Re: Protecting an Exchange server?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: in5ecure24@hotmail.com
Date: Sun, 16 May 2004 06:23:20 -0400

Hello everyone
Thank you for your replys,

Ok heres my problem, I am missing one peice of my designed network. I need 3
PCs working as clients or servers, and a device to route between them, and
my internet connection. Now the peice im missing is the router, id like to
use a PC or the DSL router to route my traffic untill i get my other pc
running (which is to be the router).

Im having rouble deciding which one to use,

i can use the DSL as the router but im restricted to one LAN that way (so i
cant physicaly seperate my LAN and DMZ...), tho i can set up PAT/NAT on the
DSL to 1 pc on the LAN.

                                                        OR

i can use a pc as my router and loose a server from my network, but this was
i can set up IPSec RRAS.... i already have a server sitting right next to me
w. the 3 nics in it i just cant decide which to go w/

so what do you guys think? i figure ill los a bit of security if i use the
dsl, but ill loss a server if i go w/ the pc. so, DSL, PC or OTHER

Thanks once again

>From: "first last" <in5ecure24@hotmail.com>
>To: security-basics@securityfocus.com, firewalls@securityfocus.com
>Subject: tcp/ip routing question / router design
>Date: Thu, 13 May 2004 00:39:54 -0400
>
>hello everyone
>
>I have a question bout which way is a better implementation for a router,
>heres my situation.
>
>I have a dsl "modem" that is a router, but it only has 1 ethernet port. im
>saposed to plug the dsl stright into my pc but im not, i have both
>connected via a switch and everything worked instantaly, so im assuming i
>can plug my servers into the switch and run my network.
>
>What i am trying to do is set up a DMZ, and my LAN to the internet. the
>first way i was going to do this was via a software router/multihoned pc (3
>nics 1 for each network) and set up a firewall and routing ect ect, on that
>pc to securly route my networks.
>
>1 problem is if i use only the dsl as a router (isp -> dsl -> switch ->
>pcs) then what do i do about having seperate networks for my LAN and DMZ
>and internet conectivity? on the otherhand...
>
>If i use a pc as a router seperating my DMZ and LAN is very easy since i
>have a nic for each and 1 for my dsl. i dont see why i cant do this but,
>this will consume a pc, and i dont realy have an extra one.
>
>so my main question is which way do i go w/ or is there other good options,
>mind you money funds are low so simply buying a hardware router isnt realy
>an option. My dsl has options for setting up a public and privet lan, but
>its not like i can physicaly distinguish between the two.
>
>So im pretty much just looking for the best way to set this up (from a
>security standpoint) and recomendations, help, feed back is GREATLY
>apricated - thank you
>
>_________________________________________________________________
>FREE pop-up blocking with the new MSN Toolbar – get it now!
>http://toolbar.msn.com/go/onm00200415ave/direct/01/
>
>
>---------------------------------------------------------------------------
>Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
>any course! All of our class sizes are guaranteed to be 10 students or less
>to facilitate one-on-one interaction with one of our expert instructors.
>Attend a course taught by an expert instructor with years of in-the-field
>pen testing experience in our state of the art hacking lab. Master the
>skills of an Ethical Hacker to better assess the security of your
>organization. Visit us at:
>http://www.infosecinstitute.com/courses/ethical_hacking_training.html
>----------------------------------------------------------------------------
>

_________________________________________________________________
Check out the coupons and bargains on MSN Offers! http://youroffers.msn.com

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Barrie Dempster: "Re: Protecting an Exchange server?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]