Bennett Todd wrote:
> by
> using one DMZ interface on the bastion, and a hub for the hosts in the
> DMZ, and a trick: assign each DMZ host an address on a separate net
> --- again perhaps using the RFC 1918 addresses and NAT in the bastion.
> Give the bastion's DMZ interface, connected to the hub, addresses on all
> the nets. Have the clients in the DMZ, each on their own separate net
> (travelling over the same ether) all use the bastion for their default
> router. Then let the bastion's ipfw or ipfilter or whatever provide
> access restrictions among the DMZ hosts.

However, because these DMZ hosts are on the same physical segment, even though they have different net numbers, a compromised host is still able to sniff the traffic, isn't it?

Vinci
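The design quoted above, and the objection to it, modelled as an added example (not code from either poster): each DMZ host gets its own RFC 1918 /30, the bastion holds the first address of every /30, and ipfw rules on the bastion restrict DMZ-to-DMZ traffic. The host names, the 192.168.100.0/24 range and the allowed pair are constructed; the last function states what a hub does with every frame, which is why the L3 policy does not stop sniffing on the shared segment.

```python
"""Model of a DMZ where every host sits on its own /30 over one shared hub (constructed example)."""
from ipaddress import IPv4Address, IPv4Network
from itertools import combinations


def allocate_subnets(hosts, base="192.168.100.0/24"):
    """Carve one /30 per DMZ host out of an RFC 1918 block (assumed range).

    The bastion's hub-facing interface takes the first usable address of every /30,
    the host takes the second, so the bastion is each host's default router.
    """
    nets = IPv4Network(base).subnets(new_prefix=30)
    plan = {}
    for host, net in zip(hosts, nets):
        bastion_addr, host_addr = list(net.hosts())  # a /30 has exactly two usable addresses
        plan[host] = {"net": net, "bastion": bastion_addr, "host": host_addr}
    return plan


def ipfw_rules(plan, allowed=()):
    """Emit FreeBSD ipfw rules for the bastion: permit only the listed (src, dst) DMZ pairs,
    then deny every remaining DMZ-to-DMZ combination. Allowed pairs are directional."""
    rules, n = [], 1000
    for src, dst in allowed:
        rules.append(f"ipfw add {n} allow ip from {plan[src]['host']} to {plan[dst]['host']}")
        n += 10
    for a, b in combinations(plan, 2):
        rules.append(f"ipfw add {n} deny ip from {plan[a]['net']} to {plan[b]['net']}")
        rules.append(f"ipfw add {n + 10} deny ip from {plan[b]['net']} to {plan[a]['net']}")
        n += 20
    return rules


def routed_via_bastion(plan, src, dst):
    """True when src must hand the packet to its default router, i.e. dst lies outside src's /30.
    This is what makes the ipfw policy apply to traffic between two DMZ hosts."""
    return IPv4Address(plan[dst]["host"]) not in plan[src]["net"]


def l2_observers(plan, sender):
    """Everything a hub attaches receives every frame, whatever IP subnet it belongs to:
    all other DMZ hosts plus the bastion can see what `sender` transmits."""
    return {h for h in plan if h != sender} | {"bastion"}


if __name__ == "__main__":
    plan = allocate_subnets(["www", "mail", "dns"])
    print("\n".join(ipfw_rules(plan, allowed=[("www", "mail")])))
    print("www -> mail routed through bastion:", routed_via_bastion(plan, "www", "mail"))
    print("NICs that receive www's frames on the hub:", sorted(l2_observers(plan, "www")))
```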
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:33 PDT