Re: Visitors on LAN
From:Date: 10/19/02
- Next message: GTi: "Re: DMZ file security"
- Previous message: D.C.: "hblnst module???"
- In reply to: Bill Greenley: "Visitors on LAN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 19 Oct 2002 12:39:38 +0100
"Bill Greenley" <bg@bgnospam.com> wrote in message
news:m2Cr9.63085$gr6.59283@rwcrnsc53...
> Is the following a safe/viable means of allowing visitors/vendors to
attach
> to office LAN for Internet access without exposing the LAN (inexpensive
> solution):
>
> The "visitor" port is attached to a SOHO broadband router/switch that has
> DHCP enabled. It's "inside" subnet is 192.168.x with subnet mask of
> 255.255.255.0. On its broadband side it will do a DHCP request on the
> office LAN and receive an "external" IP address in 192.168.y with subnet
> mask 255.255.255.0 This sets up its default gateway (our existing router
to
> Internet) and DNS.
It depends what you are trying to protect. The address trnaslation within
the SOHO router will allow access to "internet" style services on your LAN
(i.e pop mail, web intranet), but should block windows style files shares.
If you want to be more secure a better way may be to connect the SOHO router
to a DMZ on your main firewall - that way you can define exactly what they
have access to on the internal network.
>
> Or, do I have this "daisy-chain" reversed? Seems it would complicated
port
> forwarding or incoming HTTP proxy if I reversed this?
>
> tia
-- Good luckStephen Hope - remove xx from address.
- Next message: GTi: "Re: DMZ file security"
- Previous message: D.C.: "hblnst module???"
- In reply to: Bill Greenley: "Visitors on LAN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
