From: swear@attbi.com (Gary W. Swearingen)
To: "Derrick Ryalls"
Subject: Re: Linux vs. FreeBSD
Date: 23 Oct 2002 20:08:40 -0700
In-Reply-To: <006101c27ad1$2b410470$0200a8c0@bartxp>
Delivered-To: freebsd-questions@freebsd.org

"Derrick Ryalls" writes:

> I have an associate who will be making major changes to their network
> and want my help/advice. He intends to have something like this:
>
>                                    ----Web server (Public IP)
> inet ----- router( Public IP) --- /
>                                   \____DMZ (Private IPs)
>
>
> The DMZ will house his mail, misc. servers and workstations.

I'm no networking expert, but that doesn't sound like a DMZ to me.
Sounds like your "private" network. Except I'm not sure how private it
is on the same network as the Web server.

I was told to use:

                /---------DMZ (with public services)
                |
    inet --- (router+filter) [with three NICs]
                |
                \---------PrivateZone (with private services)

If someone cracks one of your buggy public servers, they're still
"outside" the firewall.

The router+filter is easily handled by a 486/66 at 10Mbps; I don't know
about 100. Any Unixy OS should do the job OK in all but a few cases,
though different people have favorites for different reasons which I'm
not able or willing to delve into. All have good, stateful filters
available. They probably all have ways of booting the router/filter's
software off a floppy or CDROM (picoBSD, for FreeBSD). I suppose
familiarity is the most important factor.
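
The three-NIC layout described in the reply above, sketched as a pf ruleset in FreeBSD syntax. This is an added example, not part of the original message; pf is only one choice of stateful filter, and the interface names, addresses and service list are assumptions.

```conf
# Constructed example: every name and address below is an assumption.
ext_if  = "em0"                # leg 1: Internet
dmz_if  = "em1"                # leg 2: DMZ (public services)
int_if  = "em2"                # leg 3: private zone
dmz_net = "198.51.100.0/28"    # documentation range standing in for routed public space
int_net = "192.168.10.0/24"
web     = "198.51.100.2"
mail    = "198.51.100.3"

set skip on lo0

# Private hosts share the router's external address on the way out.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# Default deny on every leg; log what is dropped.
block log all
antispoof quick for { $ext_if $dmz_if $int_if }

# Decisions are made where a packet enters the router; whatever was
# allowed in may leave on the far interface, with state tracking replies.
pass out all keep state

# Internet -> DMZ: published services only.
pass in on $ext_if inet proto tcp to $web  port { 80 443 } keep state
pass in on $ext_if inet proto tcp to $mail port 25 keep state

# DMZ -> private zone: never. A compromised public server stays
# "outside" the private network. quick stops later rules overriding it.
block in log quick on $dmz_if to $int_net

# DMZ -> Internet: only what the servers themselves need.
pass in on $dmz_if inet proto { tcp udp } from $dmz_net to any port 53 keep state
pass in on $dmz_if inet proto tcp from $mail to any port 25 keep state

# Private zone -> Internet and DMZ; replies return via state only.
pass in on $int_if inet from $int_net to any keep state
```

Nothing in this ruleset lets a connection start from the Internet or the DMZ toward the private zone; the only traffic reaching it is replies to connections the private hosts opened.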