[ale] network question

Joseph Andrew Knapka jknapka at earthlink.net
Mon Aug 13 19:36:25 EDT 2001


Joseph Andrew Knapka wrote:
> 
> Wandered Inn wrote:
> >
> > I appreciate all the shared info.  I should have provided more
> > specifics, methinks.  Here's the deal.  I've got an 8 port 10baset hub
> > that has space, but it's my dmz net.  I have a 5 port 100baset hub that
> > is full and is my internal network.  I want to put another box on my
> > internal network, or worse another subnet that's not my dmz.  My
> > expected solution was to either swap my two hubs, which I don't want to
> > do because of the speed differences, or buy another 5 port hub and hang
> > it off of my existing 5 port hub.
> >
> > Thus the question, could I put this machine on my 8 port dmz hub, give
> > it different subnet ip and then get access to it, primarily from my
> > internal network.  The gateway would be my dual homed box that sits
> > between my dmz hub and my internet net hub.

Afterthought... this sort of setup could be a security hole, in
that if a cracker gets access to your DMZ, they might be more
easily able to get inside your internal net, if a box logically on
the internal net (with which e.g. cleartext passwords might sometimes
be exchanged) physically lives on the DMZ segment.

> > I first tried giving it an ip from my internal subnet and setting up
> > routes for the dmz router.  That didn't work, so I gave it a completely
> > new subnet ip and tried the same
> >
> > internal net: 172.16.255.0
> > dmz net: 172.16.10.0
> > new box connected to dmz hub: 172.16.200.200
> >
> > I then added routes:
> >
> > route add 172.16.10.220 eth0  #route to the gateway machine
> > route add -net 172.16.255.0/24 gw 172.16.10.220     #route to the internal net
> 
> The gateway will, of course, require a host route to the
> 172.16.200.200 box; is that done? If the gateway can ping
> 172.16.200.200, the internal net should be able to see it
> as well.

-- 
# Joe Knapka
# "You know how many remote castles there are along the
#  gorges? You can't MOVE for remote castles!" - Lu Tze re. Uberwald
# 2nd Lbl A + 1 = 2nd Pause 2nd Prt A
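
The concern raised in the afterthought above (a host trusted as internal but plugged into the shared DMZ hub) can be checked mechanically. The following is an added example, not part of the original message: it audits an inventory for hosts whose address or trust zone disagrees with the physical segment they sit on. The addresses are the ones from the thread; the /24 mask on the DMZ net, the zone labels, the host names and the extra inventory entries are assumptions constructed for illustration.

```python
import ipaddress

# Each physical segment is one shared hub: every port sees every frame.
# Addresses come from the thread; the DMZ /24 mask and zone labels are assumptions.
SEGMENTS = {
    "dmz-hub": {"zone": "dmz", "subnets": ["172.16.10.0/24"]},
    "internal-hub": {"zone": "internal", "subnets": ["172.16.255.0/24"]},
}

# Constructed inventory: (host, ip, hub it is plugged into, zone it is trusted as).
INVENTORY = [
    ("gateway-dmz-if", "172.16.10.220", "dmz-hub", "dmz"),
    ("dmz-server", "172.16.10.5", "dmz-hub", "dmz"),
    ("workstation", "172.16.255.10", "internal-hub", "internal"),
    ("new-box", "172.16.200.200", "dmz-hub", "internal"),
]


def audit(segments, inventory):
    """Return (host, issue, detail) tuples for hosts whose logical placement
    (address, trust zone) disagrees with the wire they are plugged into."""
    findings = []
    for host, ip, hub, trusted_as in inventory:
        seg = segments[hub]
        addr = ipaddress.ip_address(ip)
        if not any(addr in ipaddress.ip_network(n) for n in seg["subnets"]):
            findings.append((host, "foreign-subnet",
                             f"{ip} is not in {hub}'s subnets {seg['subnets']}"))
        if trusted_as != seg["zone"]:
            # Everything else on the same hub can observe this host's traffic.
            neighbours = sorted(h for h, _, other_hub, _ in inventory
                                if other_hub == hub and h != host)
            findings.append((host, "zone-mismatch",
                             f"trusted as {trusted_as} but shares {hub} with "
                             + ", ".join(neighbours)))
    return findings


if __name__ == "__main__":
    for host, issue, detail in audit(SEGMENTS, INVENTORY):
        print(f"{host}: {issue}: {detail}")
```

Both placements tried in the thread (an internal-subnet address on the DMZ hub, and the new 172.16.200.200 address) are flagged, since neither changes which wire the box shares.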